CVE-2004-1461
Cisco Secure Access Control Server ACS 3.23 and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address...