Business
Cisco reports access control server flaws
Hackers could exploit the vulnerabilities to launch DOS attacks and bypass user authentication on the servers.
Cisco on Wednesday posted an advisory warning about four vulnerabilities in its Secure Access Control Server (ACS). The first flaw causes the Web interface of the ACS to stop answering requests when it's flooded with TCP connections. The second error crashes systems using Cisco's remote access authentication protocol, called light extensible authentication protocol. The third vulnerability is related to an error in the handling of traffic using Novell directory services. And the fourth problem occurs when hackers spoof IP addresses to match an authenticated user's address to gain access to the Web-based graphical user interface of the ACS.
Versions affected by these vulnerabilities include 3.2, 3.2 (2) and 3.2 (3). Details of the warning and patches to fix the problems are available on Cisco's Web site.