
Cisco ACS 5.7 Usernames for devices appear to be case insensitive?

Vic de



I was wondering if anyone could advise on the following issue.


We have implemented Cisco ACS 5.7 and have noticed that the usernames for the routers etc. are authorised regardless of case sensitivity.


In other words if you had a user on the system known as Mike, the ACS authorises the user if he enters MIke or MIKE.


Can anyone please advise on this, as it appears to be a backward step in security, or am I missing a setting on the ACS?


Many Thanks


1 Reply



If you are using LDAP integration, then naturally, since LDAP is case-insensitive for account names, it stands to reason that the username is case-insensitive. For AD integration, SMB can be either case-sensitive or not depending on configuration, but is usually case-insensitive to a certain complexity. It is then up to the authentication server (ACS) to decide how to treat the access-request.

Therefore, this isn't much of a security trade-off from a username brute-force perspective, since the underlying infrastructure operates as case-insensitive.

From what I can tell, in the first versions of ACS 5.x, the server decided that authentication would be performed case-insensitive and authorization would be case-sensitive. I suppose that at some point along the way Cisco changed this. Take a look at:

P.S. Local usernames within Cisco equipment can be made to be case-sensitive using the local-case keyword within aaa commands.
