4 matches found
CVE-2004-1460
CVE-2004-1460 affects Cisco Secure Access Control Server (ACS) 3.2(3) and earlier. When configured with an anonymous bind in Novell Directory Services (NDS), and authenticating NDS users with NDS, remote attackers can gain unauthorized access to AAA clients by using a blank password. The NVD note...
CVE-2004-1099
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1 are affected when EAP-TLS is enabled. They do not properly handle expired or untrusted certificates, allowing remote attackers to bypass authentication a...
CVE-2004-1458
The CVE-2004-1458 entry concerns Cisco Secure Access Control Server (ACS) 3.2(2) build 15, specifically the CSAdmin web administration interface. The vulnerability allows remote attackers to cause a denial of service (hang) by flooding port 2002 with TCP connections. The available documents confi...
CVE-2004-1461
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier is vulnerable to an authentication bypass: during GUI login a separate unauthenticated TCP connection is spawned on a random port, and an attacker on the same IP can connect to that port to bypass authentication. This issue is documented...