Thread: Vulnerability: Cisco Secure ACS NDS Expired/Disabled User Authentication

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Vulnerability: Cisco Secure ACS NDS Expired/Disabled User Authentication

    Cisco Secure ACS NDS Expired/Disabled User Authentication Vulnerability


    A vulnerability has been discovered in Cisco Secure ACS for Windows NT installations that have been configured for NDS (Novell Directory Services).

    Users in the NDS database whose accounts have expired or been disabled may still successfully authenticate with the service. An expired or disabled user who authenticates with the correct credentials will still be able to access the service. The normal, expected behavior is that their access to the service will be denied.

    It should be noted that only Cisco Secure ACS 3.01 for Windows NT is prone to this issue.

    Exploit: There is no exploit required.

    Remote: Yes

    Solution: Cisco released a patch at http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs-win
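
A defender's check for the condition described in the post above, as an added example that is not part of the original post or of Cisco's advisory: it cross-references successful authentications against the directory's account state and flags logins by disabled or expired users. Both CSV layouts and all sample rows are constructed assumptions; the column names `loginDisabled` and `loginExpirationTime` follow the NDS LDAP attribute names.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample: export of NDS account state (assumed layout).
NDS_EXPORT = """user,loginDisabled,loginExpirationTime
alice,FALSE,
bob,TRUE,
carol,FALSE,2002-06-30T00:00:00Z
dave,FALSE,2003-01-01T00:00:00Z
"""

# Constructed sample: successful authentications logged by the AAA server.
PASSED_AUTHS = """timestamp,user
2002-07-15T08:01:12Z,alice
2002-07-15T08:03:40Z,bob
2002-07-15T09:10:05Z,carol
2002-07-15T09:30:00Z,dave
2002-06-29T23:00:00Z,carol
2002-07-16T10:00:00Z,mallory
"""

def parse_ts(value):
    """Parse a UTC timestamp of the form 2002-07-15T08:01:12Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def load_accounts(text):
    """Map lower-cased user name -> (disabled flag, expiry datetime or None)."""
    accounts = {}
    for row in csv.DictReader(io.StringIO(text)):
        expiry = row["loginExpirationTime"].strip()
        disabled = row["loginDisabled"].strip().upper() == "TRUE"
        accounts[row["user"].strip().lower()] = (disabled, parse_ts(expiry) if expiry else None)
    return accounts

def suspicious_successes(accounts, auth_text):
    """Return (timestamp, user, reason) for each success that should have been denied."""
    findings = []
    for row in csv.DictReader(io.StringIO(auth_text)):
        user, when = row["user"].strip().lower(), parse_ts(row["timestamp"])
        if user not in accounts:
            # May be legitimate if the user lives in another database; review manually.
            findings.append((row["timestamp"], user, "not-in-nds-export"))
            continue
        disabled, expires = accounts[user]
        if disabled:
            # The export holds the current flag, so confirm when the account was disabled.
            findings.append((row["timestamp"], user, "disabled"))
        elif expires is not None and when >= expires:
            findings.append((row["timestamp"], user, "expired"))
    return findings
```

Logins that predate the expiry time (carol on 2002-06-29 in the sample) are not flagged, so the check can be run over historical logs without raising accounts that were still valid at the time.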

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    884
    I don't see how things this easy go unnoticed during the software production. If the user's account is disabled or expired, the only natural thing to do would be to not allow any type of authentication. These kinds of common sense things that large companies overlook are horrible.

  3. #3
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    hahah some people just can't see past their noses...
    too much "wow I'm so good" ego.. lolz

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    884
    lol, I know man, for real.
