Core issue
This problem hits Cisco bug ID CSCdt13896.
In later versions of Cisco IOS Software (12.1(5)T and later), the service password-encryption command encrypts the Remote Authentication Dial-In User Service (RADIUS) key in the configuration file. However, the TACACS+ key is not similarly encrypted.
Resolution
To resolve this issue, upgrade the Cisco IOS Software. The fix for this bug is integrated in these software versions:
- 12.3(1.5)
- 12.3(1.5)T
- 12.2(17.4)
- 12.2(17.4)S
- 12.3(2.3)B
- 12.3(7)XI
- 12.0(31.1)S
- 12.1(22)EA07
Download the image 12.3(1.5) or later IOS from Downloads.