Hi,
as the title of my posts says, our security group raised concern over this topic.
The problem is that during a "show run" of the device, the tacacs+ shared key is encrypted with mode 7 which means that it is possible to get the authentication key rather easily from any website. So they asked us if it is possible to change the encryption of that key to something more secure.
The router is an ASR9k using IOS-XR 7.1.3 64-bit, but the only options I get from the CLI are 0 and 7. Is there a way to use any other mode?
Thank you