Cisco Secure Access Control System TACACS+ Authentication Bypass (cisco-sa-20121107-acs)

The version of Cisco Secure Access Control ACS running on the remote host has an authentication bypass vulnerability. When the system is configured with an LDAP external identity store and TACACS+ is the authentication protocol, the user-supplied password is not properly validated. A remote...

CVE-2012-5424

CVE-2012-5424 affects Cisco Secure Access Control System (ACS) 5.x prior to 5.2 Patch 11 and 5.3 prior to 5.3 Patch 7. When configured with LDAP as external identity store and TACACS+ for authentication, the system fails to properly validate the user-supplied password, enabling an unauthenticated...