Cisco Secure ACS Insecure Password Storage Vulnerability

Bugtraq ID: 16743
Class: Design Error
CVE: CVE-2006-0561
Remote: Yes
Local: Yes
Published: May 08 2006 12:00AM
Updated: May 15 2006 07:54PM
Credit: Andreas Junestam is credited with the discovery of this issue.
Vulnerable: Cisco Secure ACS for Windows Server 3.2
Cisco Secure ACS for Windows NT 3.3
Cisco Secure ACS for Windows NT 3.2
Cisco Secure ACS for Windows NT 3.1.1
Cisco Secure ACS for Windows NT 3.1
Cisco Secure ACS for Windows NT 3.0.3
Cisco Secure ACS for Windows NT 3.0 .1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
Cisco Secure ACS for Windows NT 3.0
Cisco Secure Access Control Server 3.3.2
Cisco Secure Access Control Server 3.3.1
Cisco Secure Access Control Server 3.3 (1)
Cisco Secure Access Control Server 3.3
Cisco Secure Access Control Server 3.2.2
Cisco Secure Access Control Server 3.2.1
Cisco Secure Access Control Server 3.2 (3)
Cisco Secure Access Control Server 3.2 (2)
Cisco Secure Access Control Server 3.2 (1.20)
Cisco Secure Access Control Server 3.2 (1)
Cisco Secure Access Control Server 3.2
Cisco Secure Access Control Server 3.1
Cisco Secure Access Control Server 3.0
Cisco Secure Access Control Server
Not Vulnerable: Cisco Secure ACS Solution Engine
Cisco Secure Access Control Server 4.0.1


 

Privacy Statement
Copyright 2010, SecurityFocus