
17 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-3401

Malware in sbrugna...

CVSS 9.3 | AI score 6.6 | EPSS 0.00952
Exploits: 0 | References: 4
Ivanti
added 2023/02/14 7:22 a.m. | 5 views

JSA10410 - Steel-Belted Radius EAP-FAST Authentication Succeeds with Incorrect Password

Problem: Certain SBR products are vulnerable to a condition in which the authentication phase (Phase 1) of EAP-FAST can be bypassed. This may allow an attacker to gain unauthorized access without providing a password or token value. This is a Pulse Secure Security Advisory released to our entitled...

AI score 7.8
Exploits: 0
n0where
added 2016/04/12 10:19 p.m. | 1867 views

Access Point Impersonation Attacks: hostapd-wpe

hostapd-wpe – Wireless Pwnage Edition – hostapd-wpe is the replacement for FreeRADIUS-WPE. It implements IEEE 802.1x Authenticator and Authentication Server impersonation attacks to obtain client credentials, establish connectivity to the client, and launch other attacks where applicable...

CVSS 5 | AI score 0.1 | EPSS 0.94464
Exploits: 86 | References: 2
OpenVAS
added 2015/10/06 12:0 a.m. | 51 views

Oracle: Security Advisory (ELSA-2014-1652)

The remote host is missing an update for the...

CVSS 7.5 | AI score 8.5 | EPSS 0.94464
Exploits: 103 | References: 2
Tenable Nessus
added 2014/11/26 12:0 a.m. | 65 views

OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 padding attack on SS...

CVSS 7.5 | AI score 7.9 | EPSS 0.94464
Exploits: 103 | References: 21
Tenable Nessus
added 2014/10/17 12:0 a.m. | 267 views

Oracle Linux 6 / 7 : openssl (ELSA-2014-1652)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1652 advisory. - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV t...

CVSS 7.5 | AI score 8 | EPSS 0.94464
Exploits: 103 | References: 3
securityvulns
added 2013/10/09 12:0 a.m. | 30 views

Cisco Secure Access Control Server authentication bypass

Authentication bypass if EAP-FAST protocol is used...

CVSS 9.3 | AI score 3.7 | EPSS 0.00952
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2013/09/17 12:0 a.m. | 19 views

Cisco Secure Access Control Server for Windows Remote Code Execution

The version of Cisco Secure Access Control Server for Windows 4.x is earlier than 4.2.1.15.11. It is, therefore, potentially affected by a remote code execution vulnerability. Due to improper parsing of user identities used for EAP-FAST authentication, a remote, unauthenticated attacker could...

CVSS 9.3 | AI score 7 | EPSS 0.00952
Exploits: 0 | References: 2
The Hacker News
added 2013/08/30 5:30 p.m. | 18 views

CISCO vulnerability allows remote attacker to take control of Windows system

Cisco has fixed a critical vulnerability in Secure Access Control Server for Windows that could allow remote attackers to execute arbitrary commands and take control of the underlying operating system. Cisco Secure ACS is an application that allows companies to centrally manage access to network...

CVSS 9.3 | AI score 7.8 | EPSS 0.00952
Exploits: 0
The Hacker News
added 2013/08/30 6:30 a.m. | 39 views

CISCO vulnerability allows remote attacker to take control of Windows system

Cisco has fixed a critical vulnerability in Secure Access Control Server for Windows that could allow remote attackers to execute arbitrary commands and take control of the underlying operating system. Cisco Secure ACS is an application that allows companies to centrally manage access to network...

CVSS 9.3 | AI score 7.3 | EPSS 0.00952
Exploits: 0
NVD
added 2013/08/29 12:7 p.m. | 16 views

CVE-2013-3466

The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID...

CVSS 9.3 | AI score 7.8 | EPSS 0.00952
Exploits: 0 | References: 3
Prion
added 2013/08/29 12:7 p.m. | 16 views

Design/Logic Flaw

The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID...

CVSS 9.3 | AI score 8.3 | EPSS 0.00952
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2013/08/29 10:0 a.m. | 48 views

CVE-2013-3466

Cisco Secure ACS (Windows) 4.x (including 4.0–4.2.1.15) is affected when configured as a RADIUS server. The EAP-FAST authentication module fails to properly parse user identities, allowing remote attackers to send crafted EAP-FAST packets to execute arbitrary commands on the ACS host. The vulnera...

CVSS 9.3 | AI score 8 | EPSS 0.00952
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2013/08/29 10:0 a.m. | 18 views

CVE-2013-3466

The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID...

AI score 7.8 | EPSS 0.00952
Exploits: 0 | References: 3
ThreatPost
added 2013/08/28 4:11 p.m. | 10 views

Remote Unauthenticated Bug Haunts Cisco ACS Server

There is a critical remotely exploitable vulnerability in Cisco’s Secure Access Control Server which allows a remote attacker to take complete control of a vulnerable server. The bug results from a bad implementation of the EAP-FAST protocol and it affects a number of versions of the Cisco ACS. T...

AI score 2.5
Exploits: 0 | References: 1
Cisco
added 2013/08/28 4:0 p.m. | 24 views

Cisco Secure Access Control Server Remote Command Execution Vulnerability

A vulnerability in the EAP-FAST authentication module of Cisco Secure Access Control Server (ACS) versions 4.0 through 4.2.1.15 could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Secure ACS server. This vulnerability is only present when Cisco Secure ACS is...

CVSS 10 | AI score 7.7 | EPSS 0.00952
Exploits: 0 | References: 1
securityvulns
added 2004/04/13 12:0 a.m. | 22 views

UPDATE: Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability

Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability. Revision 2.0. Last Updated 2004 April 12 1600 UTC (GMT). For Public Release 2003 August 03 1600 UTC (GMT). Contents...

AI score 0.2
Exploits: 0