J-Security Center


Title: Cisco Secure Access Control Server Remote Authentication Bypass Vulnerability

Severity: CRITICAL

Description:

Cisco Secure Access Control Server is designed to facilitate centralized authentication, authorization, and accounting (AAA) of network-based devices and computers configured to be AAA clients. It is available for Unix and Unix-variant platforms as well as Microsoft Windows. It should be noted that this issue only affects Microsoft Windows platforms.

Cisco Secure Access Control Server is affected by a remote authentication bypass vulnerability. This issue is due to a failure of the software to properly validate user credentials prior to granting access.

The problem presents itself when an attacker attempts to authenticate to the affected server. Apparently the application will grant access to any attacker who presents a valid user name and a certificate that is cryptographically correct.

Cryptographic correctness requires the certificate to be in the appropriate format and to contain the appropriate fields; a cryptographically correct certificate does not have to derive from a trusted certificate authority, and so may be forged.

It should be noted that this issue only presents itself when the affected server is configured to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) to authenticate users to network devices.

There is one exception: when EAP-TLS is used with binary comparison and the user entry in LDAP/AD contains only valid certificates, this issue does not present itself.

An attacker can leverage this issue to gain unauthorized remote access to any devices or networks that rely on the affected software for access control.
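To make the distinction above concrete, here is an added Go example (not Cisco's or Juniper's code): `weakCheck` reconstructs the flawed acceptance the advisory describes, accepting any well-formed, unexpired certificate that names the user, while `strongCheck` adds the missing step of chaining the certificate to a trusted root. The CA, the CA-issued certificate for "alice" and the forged self-signed "alice" certificate are all constructed inside the program.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mkCert returns a constructed test certificate for cn and its key: a client cert issued
// by parent when one is given, otherwise self-signed (a root CA, or a forger's own cert).
func mkCert(cn string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent, pkey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// weakCheck reconstructs the flawed acceptance: a well-formed, unexpired cert naming the user is enough.
func weakCheck(c *x509.Certificate, user string) bool {
	return c.Subject.CommonName == user && time.Now().After(c.NotBefore) && time.Now().Before(c.NotAfter)
}

// strongCheck also requires a chain to a trusted root that is valid for client authentication,
// which is the property a forged (untrusted) certificate cannot satisfy.
func strongCheck(c *x509.Certificate, user string, roots *x509.CertPool) bool {
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return weakCheck(c, user) && err == nil
}

func main() {
	// Constructed scenario: the CA issues a cert for "alice"; a forger self-signs another "alice" cert.
	ca, caKey := mkCert("Test CA", nil, nil)
	issued, _ := mkCert("alice", ca, caKey)
	forged, _ := mkCert("alice", nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	fmt.Println(weakCheck(issued, "alice"), weakCheck(forged, "alice"))                  // true true
	fmt.Println(strongCheck(issued, "alice", roots), strongCheck(forged, "alice", roots)) // true false
}
```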

Affected Products:

  • Cisco Secure ACS Solution Engine
  • Cisco Secure ACS Solution Engine 3.3.1
  • Cisco Secure Access Control Server 3.3.0 (1)
  • Cisco Secure Access Control Server 3.3.1
