Cisco Multiple Product Misconfigured TACACS+ Server Authentication Bypass

2006-02-15T06:17:38
ID OSVDB:23237
Type osvdb
Reporter Gerrit Wenig()
Modified 2006-02-15T06:17:38

Description

Vulnerability Description

Cisco TACACS+ contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when the TACACS+ configuration lacks the 'tacacs-server host' command. It is possible that the flaw may allow a malicious user to bypass authentication, resulting in a loss of confidentiality.

Technical Description

In order to be vulnerable the active TACACS+ configuration must be missing the 'tacacs-server host' command which specifies the actual TACACS+ server to authenticate against.

Solution Description

Upgrade to version 5.1(4) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Cisco TACACS+ contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when the TACACS+ configuration lacks the 'tacacs-server host' command. It is possible that the flaw may allow a malicious user to bypass authentication, resulting in a loss of confidentiality.

References:

Vendor Specific Advisory URL Security Tracker: 1015638 Security Tracker: 1015637 Secunia Advisory ID:18904 Keyword: cisco-SA-20060215-guard-auth,CSCsd21455 FrSIRT Advisory: ADV-2006-0612 CVE-2006-0764 Bugtraq ID: 16661