Wednesday, February 15, 2006

TACACS+ Authentication Bypass in Cisco Anomaly Detection and Mitigation Products

Via Cisco.


A vulnerability in versions 5.0(1) and 5.0(3) of the software used in Cisco Anomaly Detection and Mitigation appliances and service modules may allow unauthorized users to get unauthorized access to the devices and/or escalate their privileges if Terminal Access Controller Access Control System Plus (TACACS+) is incompletely configured.

TACACS+ authentication is disabled by default, and a device correctly configured for TACACS+ authentication is not affected by this vulnerability.

More here.

0 Comments:

Post a Comment

<< Home