No … only a one time password. My password does not leave my computer.

But again. Yes, you can construct something that might be a risk. But the users 
(by intention a very limited number) cannot run unsigned code (as Gert described 
already). So at the moment we are waiting for the vendors and then use a fixed 
version with the next software update. But we have no need to hurry or any 
reason for panic.

— 
Sebastian Becker
s...@lab.dtag.de

> On 08.01.2018 at 18:11, Chuck Anderson <c...@wpi.edu> wrote:
> 
> 
> Umm, you type the password into the box, right?  The box stores that password 
> in memory so that it can build a TACACS+ request packet to send to the 
> server?  Unless you are using SSH keys in lieu of passwords.
> 
> On Mon, Jan 08, 2018 at 05:16:01PM +0100, Sebastian Becker wrote:
>> The password will not be seen on the box itself so no problem. The users are 
>> tacacs+ authorized/authenticated.
>> Most scenarios are much easier to accomplish by using the already granted 
>> rights on the boxes per user than using these kinds of attack vectors opened 
>> by Meltdown and Spectre.
>> 
>> Our boxes simply do not run other code than what is delivered by the 
>> vendors.
>> 
>> — 
>> Sebastian Becker
>> s...@lab.dtag.de
>> 
>>> On 08.01.2018 at 09:32, Thilo Bangert <thilo.bang...@gmail.com> wrote:
>>> 
>>> On 06-01-2018 at 19:49, Sebastian Becker wrote:
>>>> Same here. Users that have access are implicitly trusted.
>>> 
>>> You do have individual user accounts on the equipment, right?
>>> 
>>> The idea of having secure individual logins goes down the drain with 
>>> Meltdown and Spectre. You want to be sure that a person logged into a box 
>>> cannot snoop the password of a co-worker.
>>> 
>>> Meltdown and Spectre are relevant on all affected computing equipment.
>>> 
>>>> So no need for panic.
>>> 
>>> The usefulness of panic has been degrading the past couple of thousand 
>>> years ;-)

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp