• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Cisco Secure Access Control Server Remote Authentication Bypass Vulnerability

Solution:
The vendor has released an upgrade along with fixes dealing with this issue.

Customers with service contracts are advised to obtain the upgrades through regular channels. All others should contact the vendor for more details. Please see the referenced vendor advisory for contact information.

The following fixed versions of the affected libraries have been released along with detailed installation instructions:


Cisco Secure Access Control Server 3.3 (1)

• Cisco CSCef62913-fix-ACSWIN-v3.3.1.16.zip
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs-win

Cisco Secure Access Control Server 3.3.1

• Cisco CSCef62913-fix-ACSWIN-v3.3.1.16.zip
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs-win

Cisco Secure ACS Solution Engine 3.3.1

• Cisco CSCef62913-fix-ACSSE-v3.3.1.16.zip
  http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des