PT-2006-1623 · Microsoft+1 · Windows+1

Published 2006-05-09 · Updated 2017-07-20 · CVE-2006-0561

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Secure Access Control Server (ACS) version 3.x for Windows

Description

ACS administrator passwords and the master key are stored in the registry with insecure permissions. This allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.

Recommendations

For Cisco Secure Access Control Server (ACS) version 3.x for Windows, consider restricting access to the registry to minimize the risk of exploitation. As a temporary workaround, limit the privileges of local users and remote administrators to reduce the potential for unauthorized access to the master key.

Related identifiers

CVE-2006-0561

Affected products

Cisco Secure Access Control Server
Windows