Cisco TACACS+ Authentication Bypass, (Wed, Nov 7th)
Cisco has released a patch that addresses a TACACS+ Authentication Bypass vulnerability. Exploitation is likely very easy. If you are using Cisco ACS for authentication you should probably take note of this annoucment.
The following Cisco Secure ACS versions are affected by this vulnerability:
Cisco Secure ACS Version
Thanks to the ISC reader who asked not to be mentioned by name who brought this to my attention. And thanks to Scott for keeping me straight on the versions.
Join me in San Antonio Texas November 27th for SANS504 Hacker Techniques, Exploits and Incident Response! Register Today!!
Follow me on Twitter @MarkBaggett
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The original article/video can be found at Cisco TACACS+ Authentication Bypass, (Wed, Nov 7th)