Wednesday, June 29, 2005

Cisco Security Advisory: RADIUS Authentication Bypass

Via the Cisco website.

Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed.

Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected.

Only the systems that are running certain versions of Cisco IOS® are affected. Not all configurations using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and an additional method are not affected.

Cisco has made free software available to address this vulnerability.

There are workarounds available to mitigate the effects of the vulnerability.

The vulnerabilities are documented as the following Cisco Bug IDs:
  • CSCee45312 -- Radius authentication bypass when configured with a none fallback method
