CVE-2004-1099

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Acs Solution Engine; Secure Access Control Server
Vendor: CVE Published:; 10 January 2005

Summary

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.

References

http://www.cisco.com/warp/public/707/cisco-sa-20041102-ac...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/17936

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/11577

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 10, 2005
Vulnerability Reserved
Nov 30, 2004