Cisco issues patch to plug password security flaws
Cisco has issued a patch to address a security flaw whoch could allow an attacker to bypass password protections in its Access Control System (ACS) platform.
The company said that the update would install a revision to the ACS platform, specifically the handling of the TACAS+ security protocol.
Cisco said that the flaw would potentially allow an attacker to use a specific set of characters in combination with a valid account name to cause a crash which lets the attacker bypass the authentication process and access the target system. The company noted that while an attacker would need a valid user name, the technique could be used on any system with the vulnerable component.