lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201610121205.6.msc@psirt.cisco.com>
Date: Wed, 12 Oct 2016 12:05:50 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Meeting Server Client Authentication Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Meeting Server Client Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20161012-msc

Revision 1.0

For Public Release 2016 October 12 16:00  UTC (GMT)
Last Updated  2016 October 12 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP)
service of the Cisco Meeting Server (CMS) could allow an unauthenticated,
remote attacker to masquerade as a legitimate user. This vulnerability
is due to the XMPP service incorrectly processing a deprecated
authentication scheme. A successful exploit could allow an attacker to
access the system as another user.

Cisco has released software updates that address this vulnerability.
Workarounds that address this vulnerability in some environments are
available. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc
-----BEGIN PGP SIGNATURE-----

iQIVAwUBV/5T1K89gD3EAJB5AQJXixAAya7sQ4U4yX6jUyZlGvudqvto/qHd4gj5
1KCqLAs6zo1xQ2FckY5ZcSRCmih3ePR3gn7MMa3hvyaPRrBqqIsStRcsbxgWKK4o
b3z82O3Ff/texUaVCGcPjOlW3Dyji0YNblq5WaNqoNyTDxHRsoF0q9ZfRCPQ7px7
ixH7sjlSnR7M5y8Xvx0ZHPrgD3dh0UFdBsywM8wWKAwMRMgnOK3R8TlbmvRNwEQu
JOjdiIjgiZ0f0mF4aqUNwSzkBbSBEZJ9PbHDWBfxcFnUu06Bja+wRIqIP+iaUFUB
RFZukZ19hPjbuIb3qeKOjpbvOBWdt6w+LGmaVLAvQGooFg3at/LhCfPjjKkPZxfy
E2kD2YjkI1iKbVU79qGmZZXydUp36Ec3uLQVKZJV0vYyg1Frrgh1NXBnQjjCJq1+
+yA3PB2REapoVF+GJ8S5Rce/xYuIh1BG5WMHDGtGKig01e34nvVKHaDVxUmvF/bu
Ldd3WyjJqd0hueeVeAMnogph4Yk9Q0g4WugNKex8gmiYnA6RVe/j6W8MUWLi2vb6
4wep9961nqk16hOeNhNGO9CU5NXNj2hPEMBwgcsA7RJDMLEQpuEmBpuBzxl17vya
vEdt/RQzKTho23POnsSpyucQ5TbXsiqtHxzN2lke9UH0zNKOLJXo+y0b/EElWSAC
AnmG++lEvcw=
=Y8pC
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ