lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201606291232.6.cpcpauthbypass@psirt.cisco.com>
Date: Wed, 29 Jun 2016 12:32:50 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20160629-cpcpauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Lightweight Directory Access Protocol (LDAP) authentication for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges.

The vulnerability is due to an improper implementation of LDAP authentication. An attacker could exploit this vulnerability by logging into a targeted device that is configured for LDAP authentication. Successful exploitation of this vulnerability could grant the attacker full administrator privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: 

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypass

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBV2qr3q89gD3EAJB5AQLLnw//ZD85xqIpSmQranwPfYQDeoM2uD6+TNby
Vl+47uZOC+csQ0PB9d/z6zylu/426OyJSSUje2c44lSXDJ8iHy9dBNY0ozyk4Uzj
oTOlr1h8YEDkjxZZ66yqm0GoTVo341tbAaDJb8xWHYjb6STnAP3r8hHu0jleH26j
vn/NQ3xPTQ7FPaB6gDoKn6Kb2Y8rDjUs+Hps7S9REtplxLR9zkERS0lWQHoz0bSd
eBTmNg5OAQxVwH6jFc4wnUnHHaPk7iALBXVo8mrkU3+6CAfejUbhJpSVxYceZQZx
hl7NFgr9NSj4aT1nnnNGjGPHY4pPvrvyc55hQIrIPtk+teEzWL0br5VxPB3LVmKS
framl2fXHOd7uV1rHcgfWlI0LYBldC1C5JhSlE9hxh3BfpejMauev2rGiWVDCTyr
RIC7zJDqBAc3F7XjbjVebrKjdb761SPmYbdCDHyVBuR8mePyzbEvHkfkvSGi0XbD
egVto6K1njcXU1uXLyKxGnPDH2pUZCTT+Hg7wF3U3zf0gvpO9Ifk+uhELoz6FAFJ
SXGVS245KjwhJmBwh02gsjbX/Fy+DLUnmVAsdL5hCMBZmzv5Cs0fGqefBTgHahft
5ZVRP3cfwSKSFfLTRTO6GF2ZlUk4kwFwqP1HpVjB2Y4N/63OllST/lIlJPhsZHH0
BNnEWyb0RME=
=hP8c
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ