funsec mailing list archives
TACACS+ Authentication Bypass in Cisco Anomaly Detection and Mitigatio n Products
From: "Fergie" <fergdawg () netzero net>
Date: Wed, 15 Feb 2006 17:11:26 GMT
Via Cisco. [snip] A vulnerability in versions 5.0(1) and 5.0(3) of the software used in Cisco Anomaly Detection and Mitigation appliances and service modules may allow unauthorized users to get unauthorized access to the devices and/or escalate their privileges if Terminal Access Controller Access Control System Plus (TACACS+) is incompletely configured. TACACS+ authentication is disabled by default, and a device correctly configured for TACACS+ authentication is not affected by this vulnerability. [snip] More: http://www.cisco.com/warp/public/707/cisco-sa-20060215-guard.shtml - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- TACACS+ Authentication Bypass in Cisco Anomaly Detection and Mitigatio n Products Fergie (Feb 15)