Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2006-0561
Last Modified 07 Mar 2011 09:30:17
Published 09 May 2006 10:14:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0561

Summary

Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.

Vulnerable Systems

Application

  • Cisco Secure Access Control Server 3.0

  • Cisco Secure Access Control Server 3.0.1

  • Cisco Secure Access Control Server 3.0.3

  • Cisco Secure Access Control Server 3.1

  • Cisco Secure Access Control Server 3.1.1

  • Cisco Secure Access Control Server 3.2

  • Cisco Secure Access Control Server 3.3


References

MISC - http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt

BID - 16743

BUGTRAQ - 20060508 Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure

CISCO - 20060508 Response to Symantec SYMSA-2006-003 Cisco Secure ACS for Windows - Administrator Password Disclosure

SECTRACK - 1016042

VUPEN - ADV-2006-1741

BUGTRAQ - 20060508 SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure

XF - cisco-acs-admin-password-disclosure(26307)

OSVDB - 25892


Last Updated: 27 May 2016 10:41:42