In association with heise online

2 November 2006, 19:08

Security update for Cisco's Security Agent Management Center

Cisco has released a security advisory describing a vulnerability in Cisco Security Agent Management Center (CSAMC) through which an unauthorised user could fool the authentication process and log in as an administrator. The Security Agent Management Center is used to remotely configure the Security Agents (CSA) for clients and servers. An attacker with these privileged rights could deactivate the protection provided by the CSAs on all devices.

The attack only works if CSAMC uses an LDAP server for authentication, which is not the default setting. Where that is the case, the attacker need only enter the name of a valid administrator and can leave the password empty while simulating a specific error message to the LDAP server. This causes CSAMC to misinterpret the login procedure as valid. Only version 5.1 of CSAMC is affected, and an update that removes the problem has already been released.
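The class of flaw described above, an LDAP error response being treated as a valid login, shown as an added Python sketch that is not Cisco's code. The function names, the constructed directory stub and the result code it returns for an empty password are assumptions, since the article does not say which error is involved.

```python
# Added illustration of a fail-open versus fail-closed login verdict.
# Hypothetical names throughout; this is not CSAMC code.
from dataclasses import dataclass

# LDAP result codes as defined in RFC 4511.
SUCCESS = 0
OPERATIONS_ERROR = 1
INVALID_CREDENTIALS = 49
UNWILLING_TO_PERFORM = 53


@dataclass
class BindResult:
    code: int
    message: str = ""


def fails_open(result: BindResult) -> bool:
    """Flawed verdict: denies only the single failure the author expected,
    so any other error response is read as a valid login."""
    return result.code != INVALID_CREDENTIALS


def fails_closed(password: str, result: BindResult) -> bool:
    """Hardened verdict: refuse empty passwords before trusting the
    directory, then accept nothing but an explicit success code."""
    if not password:
        return False
    return result.code == SUCCESS


def constructed_directory(user: str, password: str) -> BindResult:
    """Constructed stand-in for an LDAP server so the example runs offline.
    Assumption: an empty password yields an error other than code 49."""
    accounts = {"admin": "correct horse"}  # constructed sample account
    if user not in accounts:
        return BindResult(INVALID_CREDENTIALS, "no such user")
    if password == "":
        return BindResult(UNWILLING_TO_PERFORM, "empty password refused")
    if password != accounts[user]:
        return BindResult(INVALID_CREDENTIALS, "bad password")
    return BindResult(SUCCESS)


if __name__ == "__main__":
    for pw in ("", "wrong", "correct horse"):
        res = constructed_directory("admin", pw)
        print(repr(pw), res.code, fails_open(res), fails_closed(pw, res))
```

The same allow-list check belongs in any management console that delegates logins to a directory: an unexpected result code, timeout or referral should end in denial, and denied attempts with an empty password for an administrator name are worth logging.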

(ehe)