OSVDB ID: 17644

Title: Cisco IOS AAA RADIUS Long Username Authentication Bypass

Info

Disclosure
Jun 29, 2005

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 Cisco IOS's RADIUS server contains a flaw that may allow a malicious user to bypass authorization and accounting. The issue is triggered when no fallback method of AAA is configured and a long username is submitted. It is possible that the flaw may allow unauthorized users to authenticate, resulting in a loss of confidentiality.

Classification

 Location: Remote/Network Access Required
Attack Type: Authentication Management, Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution

 Upgrade to the version appropriate for your installation, as outlined in the vulnerable version matrix provided by Cisco. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.

IOS

 12.2B
12.2BC
12.2BW
12.2BX
12.2BY
12.2BZ
12.2CX
12.2CY
12.2CZ
12.2EW
12.2EWA
12.2EY
12.2EZ
12.2JA
12.2JK
12.2MB
12.2MC
12.2MX
12.2SE
12.2SXD
12.2SXE
12.2T
12.2XB
12.2XC
12.2XD
12.2XE
12.2XF
12.2XG
12.2XH
12.2XI
12.2XJ
12.2XK
12.2XL
12.2XM
12.2XQ
12.2XR
12.2(2)XR
12.2(4)XR
12.2(15)XR
12.2XT
12.2XW
12.2YA
12.2YB
12.2YC
12.2YD
12.2YF
12.2YG
12.2YH
12.2YJ
12.2YL
12.2YM
12.2YN
12.2YP
12.2YQ
12.2YR
12.2YT
12.2YU
12.2YV
12.2YW
12.2YY
12.2ZB
12.2ZC
12.2ZD
12.2ZE
12.2ZF
12.2ZG
12.2ZH
12.2ZJ
12.2ZL
12.2ZN
12.2ZO
12.2ZP
12.3
12.3B
12.3BC
12.3BW
12.3JA
12.3T
12.3XA
12.3XB
12.3XC
12.3XD
12.3XE
12.3XF
12.3XG
12.3XH
12.3XI
12.3XJ
12.3XK
12.3XL
12.3XM
12.3XN
12.3XQ
12.3XR
12.3XS
12.3XU
12.3XW
12.3Xx
12.3XY
12.3YA
12.3YB
12.3YD
12.3YF
12.3YG
12.3YH
12.3YI
12.3YJ
12.3YK
12.3YL
12.3YN
12.3YR
12.3YS
12.3YQ
12.4

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/36218