VULHUB ™

Cisco Secure ACS is a highly scalable, high-performance access control server that runs on Windows NT/2000 operating systems and Unix variants. It operates as a centralized Remote Access Dial-In User Service (RADIUS) or TACACS+ server system and controls the authentication of users accessing resources through the network. A vulnerability has been discovered in Cisco Secure ACS for Windows NT that have been configured for NDS (Novell Directory Services). Users in the NDS database whose accounts have expired or been disabled may still successfully authenticate with the service. An expired or disabled user who authenticates with the correct credentials will still be able to access the service. The normal, expected behavior is that their access to the service will be denied. It should be noted that only Cisco Secure ACS 3.01 for Windows NT is prone to this issue.

Cisco Secure ACS is a highly scalable, high-performance access control server that runs on Windows NT/2000 operating systems and Unix variants. It operates as a centralized Remote Access Dial-In User Service (RADIUS) or TACACS+ server system and controls the authentication of users accessing resources through the network. A vulnerability has been discovered in Cisco Secure ACS for Windows NT that have been configured for NDS (Novell Directory Services). Users in the NDS database whose accounts have expired or been disabled may still successfully authenticate with the service. An expired or disabled user who authenticates with the correct credentials will still be able to access the service. The normal, expected behavior is that their access to the service will be denied. It should be noted that only Cisco Secure ACS 3.01 for Windows NT is prone to this issue.