'PASSCODE REUSE ATTACK DETECTED' or 'SIMULTANEOUS AUTH detected'
Originally Published: 2002-08-06
Article Number
Applies To
Cisco VPN 3000 Concentrator
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager, Radius server
RSA Version/Condition: 6.1
Issue
"Access denied" on Client
Error: "SIMULTANEOUS AUTH detected" in RSA ACE/Server logs
Cause
Resolution
Cisco has changed the formatting of the retransmitted authentication requests so the ACE/Server will correctly interpret the retransmitted packets and not deny access to the user. The retransmitted request will be identical to the original, enabling the ACE/Server to detect the request is a retransmission and enabling it to retransmit the original response.
As a workaround, reconfigure the VPN Concentrator to wait longer for a response from ACE/Server and not retransmit the request. Retransmitted requests will fail if the ACE/Server receives a second request when the Concentrator is at 3.5.2 or earlier. Cisco Menu on a 3000 has timeout =, change it from default 4 seconds to 8 seconds to give ACE server enough time to get first response back to Cisco
If the Agent host Timeout is not the problem, apply Hot Fix Roll-up 5 to Auth Manager 6.1.2, it fixes a problem where ACE database holds first auth request for up to 30 seconds, forcing Agent host to retransmit, and causing both PASSCODE REUSE ATTACK DETECTED and SIMULTANEOUS AUTH detected
Related Articles
Auth Source on login screen changes randomly in SecurID Governance & Lifecycle Number of Views 7./0 Apache Web Agent for Securid/Auth Manager 7.X on Unix - why is RPC required? Number of Views RSA Authentication Manager Auth SDK 8.5 (Java) failed on startup (TLS_DHE_RSA_WITH_AES_256_CBC_SHA) Number of Views AM Auth SDK 8.5 (for Java) troubleshooting -- Invalid config file Invalid bootstrap data Number of Views 'decrypt error: IV missing' in Java auth API trace log Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
