Blank Password Vulnerability in Cisco Secure Access Control Server
CVE-2004-1460

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control Server; Secure Acs Solution Engine
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-1460?

The vulnerability in Cisco Secure Access Control Server arises when it is configured with an anonymous bind for Novell Directory Services (NDS). This configuration allows remote attackers to exploit the system by using a blank password to authenticate NDS users. Consequently, unauthorized access to AAA clients may be achieved, posing a significant security risk for organizations utilizing this configuration.

References

http://www.securityfocus.com/bid/11047

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/17117

vdb-entryx_refsource_XF

http://www.cisco.com/warp/public/707/cisco-sa-20040825-ac...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Feb 13, 2005
Vulnerability published
Dec 31, 2004