Cisco Secure Access Control System (ACS) CVE-2012-5424 Authentication Bypass Vulnerability

Cisco Secure Access Control System (ACS) is prone to an authentication-bypass vulnerability because it fails to properly validate user-supplied password when TACACS+ is the authentication protocol and Cisco Secure ACS is configured with a Lightweight Directory Access Protocol (LDAP) external identity store.

This issue is being tracked by Cisco Bug ID CSCuc65634.

An attacker can exploit this issue to impersonate a user and bypass the authentication to any system that uses TACACS+ protocol and relies on the authentication service provided by an affected Cisco Secure Access Control System.


 

Privacy Statement
Copyright 2010, SecurityFocus