Cisco Secure Access Control System TACACS+ Authentication Bypass (cisco-sa-20121107-acs)

The version of Cisco Secure Access Control ACS running on the remote host has an authentication bypass vulnerability. When the system is configured with an LDAP external identity store and TACACS+ is the authentication protocol, the user-supplied password is not properly validated. A remote...

Authentication flaw

Cisco Secure Access Control System ACS 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted passwo...