Vigil@nce - Cisco Secure ACS: session replay
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can capture the session identifier of Cisco Secure ACS, in order to reuse it to access to user’s space.
Impacted products: Secure ACS
Creation date: 16/05/2013
DESCRIPTION OF THE VULNERABILITY
The Cisco Secure Access Control System product provides an interface requiring an authentication.
When the user is authenticated he obtains a session identifier. However, this identifier can be reused by an attacker.
An attacker can therefore capture the session identifier of Cisco Secure ACS, in order to reuse it to access to user’s space.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN