Authentication Bypass Vulnerability in Cisco ONS Products
CVE-2004-1436

Currently unrated

Key Information:

Vendor: Cisco
Status: Optical Networking Systems Software
Vendor: CVE Published:; 31 December 2004

Summary

The Transaction Language 1 (TL1) login interface in select Cisco ONS products is susceptible to an authentication bypass issue. When user accounts are configured with blank passwords, malicious actors can exploit this flaw by logging in using passwords longer than 10 characters. This vulnerability allows unauthorized access to sensitive features and controls of the affected devices, potentially compromising network integrity and security.

References

http://www.cisco.com/warp/public/707/cisco-sa-20040721-on...

vendor-advisoryx_refsource_CISCO

http://secunia.com/advisories/12117

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/10768

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Feb 13, 2005
Vulnerability published
Dec 31, 2004