|
|
>> Cisco Secure Access Control Server Administrator Password Disclosure Issue
|
Title : Cisco Secure Access Control Server Administrator Password Disclosure Issue
VUPEN ID : VUPEN/ADV-2006-1741
CVE ID : CVE-2006-0561
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-05-09
|
A vulnerability has been identified in Cisco Secure Access Control Server (ACS), which could be exploited by malicious users to obtain sensitive information. This flaw is due to a design error where the application encrypts (using the Crypto API MS Base Cryptographic Provider v1.0) and stores (in the Windows registry) the passwords of ACS administrators and the locally generated master key designed to encrypt/decrypt these passwords, which could be exploited by local or remote attackers with administrative access to the Windows registry to decrypt to obtain the clear-text passwords for all ACS administrators and gain access to network devices configured to use Cisco Secure ACS for authentication.
Affected Products
Cisco Secure Access Control Server (ACS) versions 3.x for Windows
Solution
Restrict access to the registry key "HLM\SOFTWARE\Cisco\CiscoAAAv3.3\CSAdmin\Administrators" :
http://support.microsoft.com/kb/q153183
References
http://www.vupen.com/english/advisories/2006/1741
http://www.frsirt.com/english/reference/11473
http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml
Credits
Vulnerability reported by Andreas Junestam
ChangeLog
2006-05-09 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
