Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Cisco Secure ACS EAP Parsing Vulnerability
Sep 03 2008 03:04PM
Laurent Butti (laurent butti orange-ftgroup com)
* Cisco Secure ACS does not correctly parse the length of EAP-Response
packets which allows remote attackers to cause a denial of service and
possibly execute arbitrary code
* A remote attacker (acting as a RADIUS client) could send a specially
crafted EAP Response p...
[ more ]
Copyright 2010, SecurityFocus