17644 : Cisco IOS AAA RADIUS Long Username Authentication Bypass
Printer | http://osvdb.org/17644 | Email This | Edit Vulnerability

Views This Week
3

Views All Time
19

Info

Last Modified
4 months ago

Percent Complete
90%

Disclosure
Jun 29, 2005

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 Cisco IOS's RADIUS server contains a flaw that may allow a malicious user to bypass authorization and accounting. The issue is triggered when no fallback method of AAA is configured and a long username is submitted. It is possible that the flaw may allow unauthorized users to authenticate, resulting in a loss of confidentiality.

Classification

 Location: Remote/Network Access Required
Attack Type: Authentication Management, Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Technical

 A system configured for RADIUS authentication and none fallback method, or for RADIUS authentication and local and none fallback methods, will have lines in their running configuration that look like this:

aaa authentication login xxxxxx group radius none
aaa authentication ppp xxxxxx group radius none
aaa authentication login xxxxxx group radius local none
aaa authentication ppp xxxxxx group radius local none

These are the affected systems.

Solution

 Upgrade to the version appropriate for your installation, as outlined in the vulnerable version matrix provided by Cisco. An upgrade is required as there are no known workarounds.

Products
Cisco Systems, Inc.
Watch-list
IOS
Watch-list
 12.3
12.3B
12.3T
12.2B
12.2BC
12.2T
12.2XB
12.2XD
12.2XE
12.2XF
12.2XG
12.2XH
12.2XI
12.2XJ
12.2XK
12.2XL
12.2XM
12.2XQ
12.2XR
12.2XT
12.2YA
12.2YB
12.2YC
12.2YD
12.2YF
12.2YG
12.2YH
12.3Xx
12.2EW
12.2EWA
12.2SE
12.2SXD
12.3XD
12.3XE
12.3XF
12.3XG
12.3XH
12.3XI
12.3XJ
12.3XK
12.3XL
12.3XM
12.3XQ
12.3XR
12.3XS
12.3XU
12.3XW
12.3XY
12.3YA
12.3YD
12.3YF
12.3YG
12.3YH
12.3YJ
12.3YK
12.2BX
12.2BY
12.2BZ
12.2CX
12.2CY
12.2CZ
12.2JK
12.2YJ
12.2YL
12.2YM
12.2YN
12.2YP
12.2YQ
12.2YR
12.2YT
12.2YU
12.2YV
12.2YW
12.2YY
12.2ZB
12.2ZC
12.2ZD
12.2ZE
12.2ZF
12.2ZG
12.2ZH
12.2ZJ
12.2ZL
12.2ZN
12.2ZP
12.3BC
12.3BW
12.3XA
12.3XB
12.3XC
12.3XN
12.3YI
12.2XW
12.2XC
12.2BW
12.2EY
12.2JA
12.2MB
12.2MC
12.3JA
12.3YN
12.3YQ
12.2ZO
12.2EZ
12.2SXE
12.3YS
12.4
12.2MX
12.2(2)XR
12.2(4)XR
12.2(15)XR
12.3YB
12.3YL
12.3YR

References

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

 None found at this time

Comments

Add Comment

No Comments.

DONATE NOW!

User Status

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use