Weak Session Management in Cisco Secure Access Control Server 4.x
CVE-2006-3226
Currently unrated
Summary
Cisco Secure Access Control Server (ACS) 4.x for Windows has a session-management weakness: it relies on the client's IP address and the server's port to grant access to administrative sessions. Remote attackers can potentially use this to bypass the existing authentication controls, putting at risk the users and organizations that rely on the system for secure access management. The vulnerability shows why administrative access needs strong session verification to guard against unauthorized use.
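The difference between recognising a session by network address and recognising it by a secret the client must present can be shown with a small model. This is an added example, not Cisco ACS code; the class names, function names, IP addresses and port are hypothetical, constructed values.

```python
import hashlib
import secrets

# Simplified model of the weakness, not Cisco ACS code. All names are hypothetical.

class AddressKeyedSessions:
    """Weak: an admin session is recognised only by (client IP, server port)."""
    def __init__(self):
        self._open = set()

    def login(self, client_ip, server_port):
        self._open.add((client_ip, server_port))
        return None  # the client receives nothing it must present later

    def is_authorized(self, client_ip, server_port, token=None):
        # Any request arriving from that address on that port passes.
        return (client_ip, server_port) in self._open


class TokenKeyedSessions:
    """Hardened: the session is a random secret issued to the client at login."""
    def __init__(self):
        self._open = {}  # sha256(token) -> (client_ip, server_port)

    def login(self, client_ip, server_port):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._open[self._digest(token)] = (client_ip, server_port)
        return token

    def is_authorized(self, client_ip, server_port, token=None):
        if not token:
            return False
        binding = self._open.get(self._digest(token))
        # The address is only an extra check; the token is what authenticates.
        return binding == (client_ip, server_port)

    @staticmethod
    def _digest(token):
        # Store a hash so the session table never holds usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()


def uncredentialed_request_accepted(store):
    """After an admin logs in, is a request with the same address but no secret accepted?"""
    shared_ip, admin_port = "192.0.2.10", 8443  # constructed sample values
    store.login(shared_ip, admin_port)
    return store.is_authorized(shared_ip, admin_port, token=None)
```

With the address-keyed store the request that carries no secret is accepted; with the token-keyed store it is rejected, as is a valid token replayed from a different address.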
References
Timeline
Vulnerability published
Vulnerability Reserved