Cisco Secure ACS NDS Expired/Disabled User Authentication Vulnerability

by Nikola Strahija on February 9th, 2002

A vulnerability has been discovered in Cisco Secure ACS for Windows NT when it is configured for NDS (Novell Directory Services).


Users in the NDS database whose accounts have expired or been disabled may still successfully authenticate with the service. An expired or disabled user who authenticates with the correct credentials will still be able to access the service. The normal, expected behavior is that their access to the service will be denied.

It should be noted that only Cisco Secure ACS 3.01 for Windows NT is prone to this issue.

Exploit: There is no exploit required.

Remote: Yes

Solution: Cisco released a patch at http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs-win
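To check whether the flaw was hit before patching, an administrator can cross-reference passed authentications against directory account state. The script below is an added example, not Cisco's or the author's code; the CSV layouts, column names and sample rows are constructed assumptions, not an ACS or NDS export format.

```python
import csv
import io
from datetime import datetime

# Constructed sample: directory account state (column names are assumptions).
ACCOUNTS_CSV = """user,disabled,expires
bob,yes,
carol,no,2002-01-15T00:00:00
dave,no,
"""

# Constructed sample: passed-authentication records from the AAA server.
PASSED_AUTH_CSV = """timestamp,user,nas
2002-02-01T09:30:00,bob,192.0.2.1
2002-01-10T17:45:00,carol,192.0.2.2
2002-02-03T11:05:00,carol,192.0.2.2
2002-02-04T07:55:00,dave,192.0.2.1
2002-02-05T10:00:00,erin,192.0.2.3
"""

def load_accounts(text):
    """Map user -> (disabled flag, expiry datetime or None)."""
    accounts = {}
    for row in csv.DictReader(io.StringIO(text)):
        expires = datetime.fromisoformat(row["expires"]) if row["expires"] else None
        accounts[row["user"].lower()] = (row["disabled"] == "yes", expires)
    return accounts

def suspicious_passes(accounts_text, auth_text):
    """Return (timestamp, user, reason) for passes that should have been denied."""
    accounts = load_accounts(accounts_text)
    findings = []
    for row in csv.DictReader(io.StringIO(auth_text)):
        user, when = row["user"].lower(), datetime.fromisoformat(row["timestamp"])
        if user not in accounts:
            reason = "unknown"  # no directory entry: review separately
        elif accounts[user][0]:
            reason = "disabled"
        elif accounts[user][1] is not None and when >= accounts[user][1]:
            reason = "expired"  # pass dated on or after the expiry time
        else:
            continue
        findings.append((row["timestamp"], user, reason))
    return findings

if __name__ == "__main__":
    for finding in suspicious_passes(ACCOUNTS_CSV, PASSED_AUTH_CSV):
        print(*finding)
```

The disabled flag reflects current state only, so a pass logged before the account was disabled will also be flagged and needs manual review.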

