Authentication Bypass in Cisco Secure Access Control Server
CVE-2004-1461

Currently unrated

Key Information:

Vendor: Cisco

CVE Published: 31 December 2004

Summary

Cisco Secure Access Control Server (ACS) versions 3.2(3) and earlier contain a vulnerability in which an unauthenticated TCP connection is established on a random port when a user authenticates to the ACS graphical user interface (GUI). This flaw allows remote attackers to bypass authentication simply by connecting to that port from the same IP address as the legitimate user. As a result, unauthorized access can be gained, compromising the integrity and confidentiality of the network resources managed by the ACS.
