CVE-2000-1056

Description

CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.

Affected products

• Cisco / secure_access_control_server2.1 – 2.1
• Cisco / secure_access_control_server2.3(3) – 2.3(3)
• Cisco / secure_access_control_server2.4(2) – 2.4(2)

References

• VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/5274
• MISChttp://www.securityfocus.com/bid/1708