'PASSCODE REUSE ATTACK DETECTED' or 'SIMULTANEOUS AUTH detected'

4 months ago

Originally Published: 2002-08-06

Article Number

000056125

Applies To

Cisco VPN 3000 Concentrator

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager, Radius server
RSA Version/Condition: 6.1

Issue

Error: "PASSCODE REUSE ATTACK DETECTED" in ACE/Server logs
"Access denied" on Client
Error: "SIMULTANEOUS AUTH detected" in RSA ACE/Server logs

Cause

Retransmitted packets from the Cisco appear to be new authentication requests

Resolution

To correct this issue, upgrade the VPN 3000 Concentrator to at least 3.5.3 and configure an 8-10 second retransmission time-out (not the default 4 second)

Cisco has changed the formatting of the retransmitted authentication requests so the ACE/Server will correctly interpret the retransmitted packets and not deny access to the user. The retransmitted request will be identical to the original, enabling the ACE/Server to detect the request is a retransmission and enabling it to retransmit the original response.

As a workaround, reconfigure the VPN Concentrator to wait longer for a response from ACE/Server and not retransmit the request. Retransmitted requests will fail if the ACE/Server receives a second request when the Concentrator is at 3.5.2 or earlier. Cisco Menu on a 3000 has timeout =, change it from default 4 seconds to 8 seconds to give ACE server enough time to get first response back to Cisco

If the Agent host Timeout is not the problem, apply Hot Fix Roll-up 5 to Auth Manager 6.1.2, it fixes a problem where ACE database holds first auth request for up to 30 seconds, forcing Agent host to retransmit, and causing both PASSCODE REUSE ATTACK DETECTED and SIMULTANEOUS AUTH detected

Don't see what you're looking for?

Related Articles

Trending Articles