Cisco TACACS+ Authentication Bypass

SANS ISC: Cisco TACACS+ Authentication Bypass

SANS Site Network
- Current Site
- SANS Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Cisco has released a patch that addresses a TACACS+ Authentication Bypass vulnerability. Exploitation is likely very easy. If you are using Cisco ACS for authentication you should probably take note of this annoucment.

The following Cisco Secure ACS versions are affected by this vulnerability:

Cisco Secure ACS Version	Affected
5.0	Yes
5.1	Yes
5.2	Yes
5.3	Yes
5.4	No

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs

Thanks to the ISC reader who asked not to be mentioned by name who brought this to my attention. And thanks to Scott for keeping me straight on the versions.

Join me in San Antonio Texas November 27th for SANS 504 Hacker Techniques, Exploits and Incident Response! Register Today!!

Follow me on Twitter @MarkBaggett
Mark Baggett

Mark

81 Posts
ISC Handler

Nov 7th 2012

Nov 7th 2012
7 years ago