Cisco Secure Access Control System (ACS) 5.x prior to 5.2 Patch 11 and 5.3 prior to 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote malicious users to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco secure access control server 5.1 |
||
cisco secure access control server 5.2 |
||
cisco secure access control server 5.0 |
||
cisco secure access control server 5.3 |