Vigil@nce - Cisco Secure Access Control System: weak authentication
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can forge an authentication token for Cisco Secure
Access Control System, in order to obtain sensitive information.
Impacted products: Secure ACS.
Severity: 2/4.
Creation date: 25/06/2015.
DESCRIPTION OF THE VULNERABILITY
The Cisco Secure Access Control System product use a taken based
mechanism to record the client identity.
However, the authentication token is protected against spoofing by
weak algorithms. So, an attacker can forge a valid authentication
token by a brute force search, and then access to file present in
the system.
An attacker can therefore forge an authentication token for Cisco
Secure Access Control System, in order to obtain sensitive
information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Secure-Access-Control-System-weak-authentication-17231