Didier Stevens

Monday 23 January 2012

IOS: Let Me Truncate That Password For You…

Filed under: Networking — Didier Stevens @ 0:40

When I configured this Cisco router (IOS version 15.0(1)M5) with dynamic dns, it failed to properly update its public IP address on the dynamic dns site. Turning on debugging (debug ip ddns update) revealed an authentication issue:

*Jan 20 22:53:55.591: HTTPDNSUPD: DATA START badauth

A simple test confirmed what I suspected: IOS truncates the password. In can’t be longer than 15 characters.

Here’s the config of my test, with username test and a 20 character password:

And here’s what the web server receives:

The password received by the webserver is 0123456789abcde. In other words, IOS has truncated the password to the first 15 characters and included it in headers of the http(s) GET request that updates the dynamic dns info.

It’s possible that the username also gets truncated to 15 characters, however I’ve not tested this.

The Cisco bug ID is CSCtx50249.

Blog at WordPress.com.