Symptom
When ISE receives a malformed TACACS+ accounting packet, it throws the error "TACACS: Invalid TACACS+ request packet- possibly mismatched Shared Secrets" and shows it in the TACACS+ authentication report, even though it is an accounting packet.
Conditions
The bug occurs under the following conditions:
1. Switch is configured to send system accounting via TACACS+
2. One of the accounting arguments has a length greater than 255 bytes, for example 257 bytes.
3. The length for this argument would be 0x0101. However, TACACS+ allows only 1 byte for the argument length, so the switch sends the length as 0x01.
4. This causes a malformed TACACS+ accounting packet.
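The length mismatch described in the conditions above, as an added example that is not Cisco's code: it builds a cleartext (de-obfuscated) accounting REQUEST body in the RFC 8907 layout and checks whether the declared lengths add up to the body size. The function names, header field values and sample arguments are constructed for illustration; how ISE itself validates the packet is not shown on this page.

```python
# Fixed part of an accounting REQUEST body (RFC 8907, section 7.1):
# flags, authen_method, priv_lvl, authen_type, authen_service,
# user_len, port_len, rem_addr_len, arg_cnt
FIXED_LEN = 9


def build_acct_body(user, port, rem_addr, args, truncate=False):
    """Build a cleartext accounting REQUEST body.

    truncate=True mimics the behaviour described above: an argument length
    above 255 is written as its low byte only (257 = 0x0101 -> 0x01).
    """
    lens = []
    for arg in args:
        if len(arg) > 255 and not truncate:
            raise ValueError("argument exceeds 255 bytes; cannot be encoded")
        lens.append(len(arg) & 0xFF)
    # Constructed sample header values: START flag, TACACS+ method, priv 1,
    # ASCII authen_type, LOGIN service.
    head = bytes([0x02, 0x06, 0x01, 0x01, 0x01,
                  len(user), len(port), len(rem_addr), len(args)])
    return head + bytes(lens) + user + port + rem_addr + b"".join(args)


def check_acct_body(body):
    """Return (ok, declared_len, actual_len) for a cleartext body."""
    if len(body) < FIXED_LEN:
        return (False, FIXED_LEN, len(body))
    user_len, port_len, rem_len, arg_cnt = body[5:9]
    arg_lens = body[FIXED_LEN:FIXED_LEN + arg_cnt]
    if len(arg_lens) < arg_cnt:
        return (False, FIXED_LEN + arg_cnt, len(body))
    declared = (FIXED_LEN + arg_cnt + user_len + port_len + rem_len
                + sum(arg_lens))
    return (declared == len(body), declared, len(body))


if __name__ == "__main__":
    # Constructed sample input: the last argument is 7 + 250 = 257 bytes.
    args = [b"task_id=1", b"service=system", b"event=sys_acct",
            b"reason=" + b"A" * 250]
    body = build_acct_body(b"admin", b"tty0", b"192.0.2.10", args,
                           truncate=True)
    ok, declared, actual = check_acct_body(body)
    print(f"consistent={ok} declared={declared} actual={actual}")
```

The body carries 256 more bytes than its length fields account for, so a receiver that cross-checks the declared lengths against the packet length rejects it as malformed.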