Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2004-12-31 05:00
Updated : 2024-02-04 16:31
NVD link : CVE-2004-1461
Mitre link : CVE-2004-1461
CVE.ORG link : CVE-2004-1461
JSON object : View
Products Affected
cisco
- secure_acs_solution_engine
- secure_access_control_server
CWE