Cisco patch plugs password security flaws
Security experts advice users to install fix for ACS authentication bug
Cisco has issued a patch to address a security flaw which could allow an attacker to bypass password protections in its Access Control System (ACS) platform.
The company said that the update would install a revision to the ACS platform, specifically the handling of the Tacas+ security protocol.
Cisco said that the flaw would potentially allow an attacker to use a specific set of characters in combination with a valid account name to cause a crash which lets the attacker bypass the authentication process and access the target system.
The company noted that while an attacker would need a valid user name, the technique could be used on any system with the vulnerable component.
Cisco is making the patch available as a free update. Both the company and third-party security researchers are advising administrators to install the fix as soon as possible.
"Exploitation is likely very easy," said Sans researcher Mark Baggett.
"If you are using Cisco ACS for authentication you should probably take note of this announcement."
The update is the latest in what is shaping up to be a busy month for administrators. Earlier in the week Adobe issued an update to address multiple flaws in its Flash Player media platform. Google also posted updates for its Chrome browser.
Microsoft is also slated to issue updates for its products next week when the company posts its monthly security update.
V3 Latest
Snowden points finger at Russia over NSA hack
Tweets offer possible cause for major hack
IBM beats AWS and Azure in seven-year Workday cloud deal
Deal suggests still market left to play for
NSA hack sees information up for auction in major security incident
Shadow Brokers hacker group claims responsibility
Microsoft to issue Windows 7 and 8.1 updates together
Firm claims move will make life easier for admins
Most read
