Cisco Secure Access Control System Password Validation Vulnerability

Last Update Date: 8 Nov 2012 11:24

Release Date: 8 Nov 2012

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

A vulnerability has been identified in Cisco Secure Access Control System. A remote user can bypass TACACS+ authentication.

 

The system does not properly validate user-supplied passwords when TACACS+ is the authentication protocol and the Cisco Secure Access Control System (ACS) is configured with an LDAP external identity store.

 

A remote user with knowledge of a valid username can send a specially crafted sequence of characters when prompted for the user password to bypass TACACS+ authentication.


Impact

  • Security Restriction Bypass

System / Technologies affected

  • Versions 5.0, 5.1, 5.2, 5.3

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link