CENTER.HU groups
CENTER.HU address

User:

Guest

www.center.hu / Archive / Security news / november, 2004 / Vulnerability in Cisco Secure Access Serve 

Vulnerability in Cisco Secure Access Serve

Vulnerability in Cisco Secure Access Serve

Madrid, November 3, 2004 - Cisco has published a security bulletin (*) informing of a security flaw detected in version 3.3.1 of Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine, which allows unauthorized users to access affected networks. What´s more, the company has also announced that the upgrade that fixes this vulnerability is now available.

This vulnerability arises if EAP-TSL is configured in Cisco Secure Access Control Server. In this case, it will allow access to users that use a cryptographically correct certificate, even if it has expired or comes from an untrusted Certificate Authority. An attacker that exploited this vulnerability would be ale to access any network or resource using a vulnerable version of Cisco Secure ACS to control user authentication.

(*) The security bulletin detailing the vulnerability and the upgrades are available at: http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml


Oxygen3 24h-365d
 by Panda Software

Back



Copyright © CENTER.HU Ltd, 2000-2010. All rights reserved

sitemap | privacy policy |

copyrights | new pages |

terms of purchase | contact us


PARTNERS: Computerworld.hu | GameStar.hu | PCWorld.hu | SG.hu | PC Guru | Hitel