PT-2006-1623 · Microsoft+1 · Windows+1

Published 2006-05-09 · Updated 2017-07-20 · CVE-2006-0561

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Secure Access Control Server (ACS) version 3.x for Windows

Description

Cisco Secure ACS stores ACS administrator passwords and the master key in the registry with insecure permissions. This allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.

Recommendations

For Cisco Secure Access Control Server (ACS) version 3.x for Windows, consider restricting access to the registry to minimize the risk of exploitation. As a temporary workaround, limit the privileges of local users and remote administrators to reduce the potential for unauthorized access to the master key.

Fix


Related Identifiers

CVE-2006-0561

Affected Products

Cisco Secure Access Control Server
Windows