CVE-2006-0561

Public PoC / Exploit (1)

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.

Affected Products (8)

cisco · secure_access_control_servervulnerable

References (18)

http://securitytracker.com/id?1016042

Patch

http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml

Patch

http://www.osvdb.org/25892

http://www.securityfocus.com/archive/1/433286/100/0/threaded

Vendor Advisory

http://www.securityfocus.com/archive/1/433301/100/0/threaded

PatchVendor Advisory

http://www.securityfocus.com/bid/16743

Patch

http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt

PatchVendor Advisory