This advisory presents an analysis of several vulnerabilities in the TACACS+ protocol. Unfortunately, only some of the vulnerabilities can be fixed without breaking the interoperability. Thus, the main purpose of this advisory is to identify the weaknesses, to allow for a conscious decision to be made on how much trust to place into the encryption offered by TACACS+.
You can download it from the following link: https://packetstormsecurity.com/files/download/22029/tacacs.analysis.txt
Source: https://packetstormsecurity.com/files/22029/tacacs.analysis.txt.html