CiscoSecure ACS for Windows NT and LDAP Server Null Password Vulnerability

There are certain Lightweight Directory Access Protocol (LDAP) servers that allow users to have undefined passwords. If CiscoSecure ACS for Windows NT is used in conjunction with a LDAP server containing null passwords, it is possible for remote users to bypass authentication measures and gain privileges on routers and switches which they normally would not have access to.


 

Privacy Statement
Copyright 2010, SecurityFocus