Is anyone aware of any instances where Cisco Secure has been compromised to reveal TACACS+ user IDs/passwords?
This question stems from the issue of whether ACS servers should be added to an existing Windows domain or to a totally separate domain of their own. If the existing domain is compromised so that someone now has Domain Admin rights on the ACS servers (but not an ACS admin ID), could this lead to them somehow cracking TACACS+ passwords or creating their own ID?
Are there any Proof-Of-Concepts out there?