Vulnerability Details CVE-2006-0561
Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 15.1%
CVSS Severity
CVSS v2 Score 7.2
References
- http://securitytracker.com/id?1016042
- http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml
- http://www.osvdb.org/25892
- http://www.securityfocus.com/archive/1/433286/100/0/threaded
- http://www.securityfocus.com/archive/1/433301/100/0/threaded
- http://www.securityfocus.com/bid/16743
- http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt
- http://www.vupen.com/english/advisories/2006/1741
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26307
- http://securitytracker.com/id?1016042
- http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml
- http://www.osvdb.org/25892
- http://www.securityfocus.com/archive/1/433286/100/0/threaded
- http://www.securityfocus.com/archive/1/433301/100/0/threaded
- http://www.securityfocus.com/bid/16743
- http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt
- http://www.vupen.com/english/advisories/2006/1741
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26307
Products affected by CVE-2006-0561
-
cpe:2.3:a:cisco:secure_access_control_server:3.0
-
cpe:2.3:a:cisco:secure_access_control_server:3.0.1
-
cpe:2.3:a:cisco:secure_access_control_server:3.0.3
-
cpe:2.3:a:cisco:secure_access_control_server:3.1
-
cpe:2.3:a:cisco:secure_access_control_server:3.1.1
-
cpe:2.3:a:cisco:secure_access_control_server:3.2
-
cpe:2.3:a:cisco:secure_access_control_server:3.3