Authentication Bypass Vulnerability in Cisco Secure Access Control Products
CVE-2004-1099
Currently unrated
Key Information:
- Vendor: Cisco
- CVE Published: 10 January 2005
Summary
The Cisco Secure Access Control Server for Windows and Solution Engine 3.3.1 mishandle expired or untrusted certificates when the EAP-TLS protocol is enabled. A remote attacker can bypass authentication by presenting a 'cryptographically correct' certificate that contains valid fields such as the username. The result is unauthorized access to the system, which puts network security and data integrity at risk.
EPSS Score
10% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved