SecurityTracker.com
Category:   Application (Security)  >   Cisco Secure Access Control Server
Vendors:   Cisco
Cisco Secure Access Control System Password Validation Flaw Lets Remote Users Bypass TACACS+ Authentication
SecurityTracker Alert ID:  1027733
SecurityTracker URL:  http://securitytracker.com/id/1027733
CVE Reference:   CVE-2012-5424
Date:  Nov 7 2012
Impact:   Host/resource access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.0, 5.1, 5.2, 5.3
Description:   A vulnerability was reported in Cisco Secure Access Control System. A remote user can bypass TACACS+ authentication.

The system does not properly validate user-supplied passwords when TACACS+ is the authentication protocol and the Cisco Secure Access Control System (ACS) is configured with an LDAP external identity store.

A remote user with knowledge of a valid username can send a specially crafted sequence of characters when prompted for the user password to bypass TACACS+ authentication.

Version 5.4 is not affected.

Cisco has assigned Cisco bug ID CSCuc65634 to this vulnerability.

Impact:   A remote user can bypass TACACS+ authentication.
Solution:   The vendor has issued a fix (5.2 Patch 11, 5.3 Patch 7).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs
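An added triage helper, not part of this alert or of Cisco's advisory: it encodes the affected versions and the fixed patch levels exactly as the alert states them (5.0 through 5.3 affected, 5.2 Patch 11 and 5.3 Patch 7 fixed, 5.4 not affected) and combines that with the two exposure conditions named above (TACACS+ as the protocol, LDAP external identity store). The version-string format and the inventory entries are constructed assumptions.

```python
import re
from typing import Tuple

# Taken from the alert: affected trains, and the first patch level that fixes each.
# 5.0 and 5.1 have no fixed patch listed, so any build on those trains is treated as vulnerable.
AFFECTED_TRAINS = {"5.0", "5.1", "5.2", "5.3"}
FIRST_FIXED_PATCH = {"5.2": 11, "5.3": 7}

# Assumed version-string format: "5.3", "5.3 Patch 7", "5.2.0.26 patch 11".
_VERSION_RE = re.compile(r"^\s*(\d+\.\d+)(?:\.\d+)*\s*(?:patch\s*(\d+))?\s*$", re.IGNORECASE)


def parse_acs_version(text: str) -> Tuple[str, int]:
    """Return (train, patch_level); a string with no patch suffix is patch level 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ACS version string: {text!r}")
    train, patch = m.group(1), m.group(2)
    return train, int(patch) if patch else 0


def is_vulnerable_cve_2012_5424(version: str) -> bool:
    """Code-level check: does this build predate the fix for CVE-2012-5424?"""
    train, patch = parse_acs_version(version)
    if train not in AFFECTED_TRAINS:
        return False  # 5.4 (and anything outside 5.0-5.3) is not affected per the alert
    fixed = FIRST_FIXED_PATCH.get(train)
    if fixed is None:
        return True  # 5.0 / 5.1: no fixed patch listed, so treat as vulnerable
    return patch < fixed


def assess(version: str, tacacs_plus: bool, ldap_identity_store: bool) -> str:
    """Combine the code-level check with the exposure conditions the alert names."""
    if not is_vulnerable_cve_2012_5424(version):
        return "not affected"
    if tacacs_plus and ldap_identity_store:
        return "vulnerable"
    return "vulnerable code, not exposed in this configuration"


if __name__ == "__main__":
    # Constructed inventory: (hostname, version, uses TACACS+, uses LDAP external identity store)
    inventory = [
        ("acs-dc1", "5.3 Patch 6", True, True),
        ("acs-dc2", "5.3 Patch 7", True, True),
        ("acs-lab", "5.2.0.26 patch 10", True, False),
        ("acs-new", "5.4", True, True),
    ]
    for host, ver, tacacs, ldap in inventory:
        print(f"{host:8} {ver:18} -> {assess(ver, tacacs, ldap)}")
```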
Cause:   Authentication error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Wed, 7 Nov 2012 11:11:56 -0500
Subject:  Cisco Security Advisory: Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Secure Access Control System TACACS+ Authentication Bypass
Vulnerability

Advisory ID: cisco-sa-20121107-acs

Revision 1.0

For Public Release 2012 November 7 16:00 UTC (GMT)
----------------------------------------------------------------------

Summary
=======

Cisco Secure Access Control System (ACS) contains a vulnerability that
could allow an unauthenticated, remote attacker to bypass the TACACS+-
based authentication service offered by the affected product. The
vulnerability is due to improper validation of the user-supplied
password when TACACS+ is the authentication protocol and Cisco Secure
ACS is configured with a Lightweight Directory Access Protocol (LDAP)
external identity store.

An attacker may exploit this vulnerability by sending a special
sequence of characters when prompted for the user password. The
attacker would need to know a valid username stored in the LDAP
external identity store to exploit this vulnerability, and
exploitation is limited to impersonating only that user. An exploit
could allow the attacker to successfully authenticate to any system
using TACACS+ in combination with an affected Cisco Secure ACS.

Cisco has released free software updates that address this
vulnerability. 

There are no workarounds for this vulnerability. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com