VULHUB ™

There are certain Lightweight Directory Access Protocol (LDAP) servers that allow users to have undefined passwords. If CiscoSecure ACS for Windows NT is used in conjunction with a LDAP server containing null passwords, it is possible for remote users to bypass authentication measures and gain privileges on routers and switches which they normally would not have access to.

There are certain Lightweight Directory Access Protocol (LDAP) servers that allow users to have undefined passwords. If CiscoSecure ACS for Windows NT is used in conjunction with a LDAP server containing null passwords, it is possible for remote users to bypass authentication measures and gain privileges on routers and switches which they normally would not have access to.