Password Disclosure Vulnerability in Cisco Secure Access Control Server
CVE-2006-0561
Currently unrated
Summary
Cisco Secure Access Control Server (ACS) 3.x for Windows stores administrator passwords and master keys in the registry with inadequate permissions. Local users, and potentially remote administrators, can use Microsoft's cryptographic API functions to decrypt these credentials and obtain the plaintext version of the sensitive master key, which results in unauthorized access to administrative capabilities.
References
Timeline
Vulnerability published
Vulnerability Reserved