| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Jun 2016 12:32:50 -0400 From: Cisco Systems Product Security Incident Response Team <psirt@...co.com> To: bugtraq@...urityfocus.com Cc: psirt@...co.com Subject: Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability Advisory ID: cisco-sa-20160629-cpcpauthbypass Revision 1.0 For Public Release 2016 June 29 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the Lightweight Directory Access Protocol (LDAP) authentication for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to an improper implementation of LDAP authentication. An attacker could exploit this vulnerability by logging into a targeted device that is configured for LDAP authentication. Successful exploitation of this vulnerability could grant the attacker full administrator privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypass -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iQIVAwUBV2qr3q89gD3EAJB5AQLLnw//ZD85xqIpSmQranwPfYQDeoM2uD6+TNby Vl+47uZOC+csQ0PB9d/z6zylu/426OyJSSUje2c44lSXDJ8iHy9dBNY0ozyk4Uzj oTOlr1h8YEDkjxZZ66yqm0GoTVo341tbAaDJb8xWHYjb6STnAP3r8hHu0jleH26j vn/NQ3xPTQ7FPaB6gDoKn6Kb2Y8rDjUs+Hps7S9REtplxLR9zkERS0lWQHoz0bSd eBTmNg5OAQxVwH6jFc4wnUnHHaPk7iALBXVo8mrkU3+6CAfejUbhJpSVxYceZQZx hl7NFgr9NSj4aT1nnnNGjGPHY4pPvrvyc55hQIrIPtk+teEzWL0br5VxPB3LVmKS framl2fXHOd7uV1rHcgfWlI0LYBldC1C5JhSlE9hxh3BfpejMauev2rGiWVDCTyr RIC7zJDqBAc3F7XjbjVebrKjdb761SPmYbdCDHyVBuR8mePyzbEvHkfkvSGi0XbD egVto6K1njcXU1uXLyKxGnPDH2pUZCTT+Hg7wF3U3zf0gvpO9Ifk+uhELoz6FAFJ SXGVS245KjwhJmBwh02gsjbX/Fy+DLUnmVAsdL5hCMBZmzv5Cs0fGqefBTgHahft 5ZVRP3cfwSKSFfLTRTO6GF2ZlUk4kwFwqP1HpVjB2Y4N/63OllST/lIlJPhsZHH0 BNnEWyb0RME= =hP8c -----END PGP SIGNATURE-----
Powered by blists - more mailing lists