NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2004-q1

[SA10586] Cisco Personal Assistant Password Authentication Bypass Vulnerability

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Fri Jan 09 2004 - 06:59:03 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Cisco Personal Assistant Password Authentication Bypass Vulnerability

SECUNIA ADVISORY ID:
SA10586

VERIFY ADVISORY:
http://www.secunia.com/advisories/10586/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From local network

SOFTWARE:
Cisco Personal Assistant Version 1.4x

DESCRIPTION:
Cisco has issued an advisory regarding a vulnerability in Cisco
Personal Assistant, allowing malicious people to access the
configuration interface.

Anyone can access the configuration interface with a valid username
and any password if the Cisco Personal Assistant is set to "Allow
Only Cisco CallManager Users" and the Personal Assistant Corporate
Directory refers to the same directory as the Cisco CallManager.

Cisco has reported that versions 1.4(1) and 1.4(2) are affected.
Prior versions are not affected.

SOLUTION:
No update is available.

Cisco recommend that the "Allow Only Cisco CallManager Users" option
is de-selected.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://www.secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]