PT-2002-1311 · Novell+1 · Novell Directory Services+2

Published

2002-05-29

Updated

2008-09-05

CVE-2002-0241

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cisco Secure Authentication Control Server (ACS) version 3.0.1

Description The issue concerns the NDSAuth.DLL component, which fails to verify the Expired or Disabled state of users in the Novell Directory Services (NDS). This oversight could allow expired or disabled users to successfully authenticate to the server.

Recommendations For Cisco Secure Authentication Control Server (ACS) version 3.0.1, update the NDSAuth.DLL component to properly check the user state in NDS. As a temporary workaround, consider manually verifying the status of users in NDS to prevent unauthorized access.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0241

Affected Products

Cisco Secure Authentication Control Server

Ndsauth.Dll

Novell Directory Services

PT-2002-1311 · Novell+1 · Novell Directory Services+2

CVE-2002-0241

Related Identifiers

Affected Products

References · 4