Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Vulnerability in Cisco Secure Access Control Server EAP-TLS Authentication

cisco-sa-20041102-acs-eap-tls · NA · Published · Updated

A Cisco Secure Access Control Server (ACS) that is configured to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) to authenticate users to the network will allow access to any user that uses a cryptographically correct certificate as long as the user name is valid. Cryptographically correct means that the certificate is in the appropriate format and contains valid fields. The certificate can be expired, or come from an untrusted Certificate Authority (CA) and still be cryptographically correct.

Only version 3.3.1 of the Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine is affected by this vulnerability. Cisco has made free software available to address this problem.

This vulnerability has no effect, that is, user authentication is not impacted, if EAP-TLS is configured in the Cisco Secure ACS with binary comparison of user certificates as the only comparison method and if the user entry in Lightweight Directory Access Protocol/Active Directory (LDAP/AD) contains only valid certificates.

No exploitations of this vulnerability have been reported. This advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20041102-acs-eap-tls.

Cisco advisory · CSAF JSON

Workarounds

No workaround information imported yet.

CVEs: CVE-2004-1099
Cisco Bug IDs: NA
CVSS Score: Base NA
Product Names From Source: NA, Cisco Secure Access Control Server (ACS) for Windows, Cisco Secure Access Control Server Solution Engine (ACSE)

Related Products

Product · CVE · Evidence
Cisco Secure Access Control Server Solution Engine (ACSE) · CVE-2004-1099 · Cisco OpenVuln
Cisco Secure Access Control Server (ACS) for Windows · CVE-2004-1099 · Cisco OpenVuln