CVE Reference: CVE-2012-5424

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-5424

Description:
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/79860

ST
  1027733

SAID
  Secunia Advisory: SA51194

OSVDB
  87251

CISCO
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs

BID
  56433


Return to the previous page.