cvelistv5 - cve-2006-0561

cve-2006-0561

Vulnerability from cvelistv5

Published

2006-05-09 23:00

Modified

2024-08-07 16:41

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://securitytracker.com/id?1016042	Patch
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml	Patch
cve@mitre.org	http://www.osvdb.org/25892
cve@mitre.org	http://www.securityfocus.com/archive/1/433286/100/0/threaded	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/433301/100/0/threaded	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/16743	Patch
cve@mitre.org	http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1741
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26307
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016042	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25892
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/433286/100/0/threaded	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/433301/100/0/threaded	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16743	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1741
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26307

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:28.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "16743",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16743"
          },
          {
            "name": "20060508 Response to Symantec SYMSA-2006-003 Cisco Secure ACS for Windows - Administrator Password Disclosure",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
          },
          {
            "name": "1016042",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016042"
          },
          {
            "name": "25892",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25892"
          },
          {
            "name": "ADV-2006-1741",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1741"
          },
          {
            "name": "cisco-acs-admin-password-disclosure(26307)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
          },
          {
            "name": "20060508 SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
          },
          {
            "name": "20060508 Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "16743",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16743"
        },
        {
          "name": "20060508 Response to Symantec SYMSA-2006-003 Cisco Secure ACS for Windows - Administrator Password Disclosure",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
        },
        {
          "name": "1016042",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016042"
        },
        {
          "name": "25892",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25892"
        },
        {
          "name": "ADV-2006-1741",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1741"
        },
        {
          "name": "cisco-acs-admin-password-disclosure(26307)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
        },
        {
          "name": "20060508 SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
        },
        {
          "name": "20060508 Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0561",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "16743",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16743"
            },
            {
              "name": "20060508 Response to Symantec SYMSA-2006-003 Cisco Secure ACS for Windows - Administrator Password Disclosure",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
            },
            {
              "name": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt",
              "refsource": "MISC",
              "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
            },
            {
              "name": "1016042",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016042"
            },
            {
              "name": "25892",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25892"
            },
            {
              "name": "ADV-2006-1741",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1741"
            },
            {
              "name": "cisco-acs-admin-password-disclosure(26307)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
            },
            {
              "name": "20060508 SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
            },
            {
              "name": "20060508 Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0561",
    "datePublished": "2006-05-09T23:00:00",
    "dateReserved": "2006-02-06T00:00:00",
    "dateUpdated": "2024-08-07T16:41:28.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.0:*:windows_nt:*:*:*:*:*\", \"matchCriteriaId\": \"A60B49A7-B569-4485-A6B3-E14B9FB96950\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:windows_nt:*:*:*:*:*\", \"matchCriteriaId\": \"FA889730-B2FF-4219-BBCA-A4364BA61EAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:windows_nt:*:*:*:*:*\", \"matchCriteriaId\": \"8731D5CC-A6F9-48DB-B1D1-FD50CEAC63D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.1:*:windows_nt:*:*:*:*:*\", \"matchCriteriaId\": \"810AD2C1-62DB-4839-9E05-CC4210371F64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:windows_nt:*:*:*:*:*\", \"matchCriteriaId\": \"DFFE6A50-B704-42BB-8FFF-27E9F4D3B576\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_nt:*:*:*:*:*\", \"matchCriteriaId\": \"535D5672-AE3F-4D5F-A253-C650298DBD2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*\", \"matchCriteriaId\": \"7CDA01B6-6887-40BB-B541-65F198D03219\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:3.3:*:windows_nt:*:*:*:*:*\", \"matchCriteriaId\": \"E01BE6C6-4DB4-47BA-BBE6-C06359320ABB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key.\"}]",
      "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nCisco, Secure Access Control Server, 4.0.1",
      "id": "CVE-2006-0561",
      "lastModified": "2024-11-21T00:06:44.850",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-05-10T02:14:00.000",
      "references": "[{\"url\": \"http://securitytracker.com/id?1016042\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.osvdb.org/25892\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/433286/100/0/threaded\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/433301/100/0/threaded\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/16743\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1741\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26307\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1016042\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.osvdb.org/25892\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/433286/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/433301/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/16743\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26307\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-0561\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-05-10T02:14:00.000\",\"lastModified\":\"2024-11-21T00:06:44.850\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.0:*:windows_nt:*:*:*:*:*\",\"matchCriteriaId\":\"A60B49A7-B569-4485-A6B3-E14B9FB96950\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:windows_nt:*:*:*:*:*\",\"matchCriteriaId\":\"FA889730-B2FF-4219-BBCA-A4364BA61EAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:windows_nt:*:*:*:*:*\",\"matchCriteriaId\":\"8731D5CC-A6F9-48DB-B1D1-FD50CEAC63D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.1:*:windows_nt:*:*:*:*:*\",\"matchCriteriaId\":\"810AD2C1-62DB-4839-9E05-CC4210371F64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:windows_nt:*:*:*:*:*\",\"matchCriteriaId\":\"DFFE6A50-B704-42BB-8FFF-27E9F4D3B576\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_nt:*:*:*:*:*\",\"matchCriteriaId\":\"535D5672-AE3F-4D5F-A253-C650298DBD2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*\",\"matchCriteriaId\":\"7CDA01B6-6887-40BB-B541-65F198D03219\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:3.3:*:windows_nt:*:*:*:*:*\",\"matchCriteriaId\":\"E01BE6C6-4DB4-47BA-BBE6-C06359320ABB\"}]}]}],\"references\":[{\"url\":\"http://securitytracker.com/id?1016042\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/25892\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/433286/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/433301/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/16743\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1741\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26307\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016042\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/25892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/433286/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/433301/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/16743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26307\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"This vulnerability is addressed in the following product release:\\r\\nCisco, Secure Access Control Server, 4.0.1\"}}"
  }
}

Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key. Cisco Secure ACS is susceptible to an insecure password-storage vulnerability. This issue is due to a failure of the application to properly secure sensitive password information. This issue allows attackers to gain access to encrypted passwords and to the key used to encrypt them. This allows them to obtain the plaintext passwords, aiding them in attacking other services that depend on the ACS server for authentication. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                Symantec Vulnerability Research                                   
                https://www.symantec.com/research
                      Security Advisory

Advisory ID : SYMSA-2006-003 Advisory Title: Cisco Secure ACS for Windows - Administrator Password Disclosure Author : Andreas Junestam Release Date : 05-08-2006 Application : Cisco Secure ACS 3.x for Windows Platform : Microsoft Windows Severity : System access / exploit available Vendor status : Vendor verified, workaround available CVE Number : CVE-2006-0561 Reference : http://www.securityfocus.com/bid/16743

Overview:

Cisco Secure ACS is a central administration platform for 
Cisco network devices. It controls authentication and 
authorization for enrolled devices. Administrative 
passwords for locally-defined users are stored in such a 
way they can be obtained from the Windows registry. If 
remote registry access is enabled, this can be done over 
the network. The passwords are 
encrypted using the Crypto API Microsoft Base Cryptographic 
Provider v1.0. This information 
can easily be obtained locally by a Windows administrator, 
and if remote registry access is enabled, it can be 
obtained over the network. With this, the clear-text 
passwords can be recovered by decrypting the information 
in the registry with the supplied key. A locally generated master key is used to 
encrypt/decrypt the ACS administrator passwords. The master
key is also stored in the Windows registry in an encrypted 
format. One feature of Windows 
operating systems is the ability to modify the permissions 
of a registry key to remove access even for local or 
domain administrators.

The following registry key and all of its sub-keys need to 
be protected.

HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.3\CSAdmin\Administrators

Note: The "CiscoAAAv3.3" portion of the registry key path
may differ slightly depending on the version of Cisco Secure
ACS for Windows that is installed. The Windows users that need permissions to the registry
key will depend on the deployment type.

For information about editing the Windows registry, please 
consult the following Microsoft documentation. For information on
restricting remote registry access, please consult the
following Microsoft documentation.

"How to restrict access to the registry from a remote computer"

http://support.microsoft.com/kb/q153183

"How to Manage Remote Access to the Registry"

http://support.microsoft.com/kb/q314837

Recommendation:

Follow your organization's testing procedures before 
applying patches or workarounds.  See Cisco's instructions
on how to place an ACL on the Registry Key, and also how 
to restrict remote access to the Windows registry.

These recommendations do not eliminate the vulnerability, 
but provide some mitigation.

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

CVE-2006-0561

-------Symantec Vulnerability Research Advisory Information-------

For questions about this advisory, or to report an error: research@symantec.com

For details on Symantec's Vulnerability Reporting Policy: http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf

Symantec Vulnerability Research Advisory Archive: http://www.symantec.com/research/

Symantec Vulnerability Research PGP Key: http://www.symantec.com/research/Symantec_Vulnerability_Research_PGP.asc

-------------Symantec Product Advisory Information-------------

To Report a Security Vulnerability in a Symantec Product: secure@symantec.com

For general information on Symantec's Product Vulnerability reporting and response: http://www.symantec.com/security/

Symantec Product Advisory Archive: http://www.symantec.com/avcenter/security/SymantecAdvisories.html

Symantec Product Advisory PGP Key: http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc

Copyright (c) 2006 by Symantec Corp. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Consulting Services. Reprinting the whole or part of this alert in any medium other than electronically requires permission from cs_advisories@symantec.com.

Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, and Symantec Consulting Services are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEXR5muk7IIFI45IARArK+AJwOzswbkJN2WirzNweklR+iBBHpsQCgyNOe vKVo3Si7ycswRs/2kiA997I= =dkX3 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200605-0001",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.x (windows)"
      },
      {
        "model": "secure acs for windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.3"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "secure acs for windows nt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.2"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3.1"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3(1)"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2.2"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2.1"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2(3)"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2(2)"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2(1.20)"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2(1)"
      },
      {
        "model": "secure access control server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure acs solution engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure access control server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "16743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003863"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-133"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-0561"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andreas Junestam andreas@atstake.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-133"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-0561",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2006-0561",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-16669",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-0561",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200605-133",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-16669",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-16669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003863"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-133"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key. Cisco Secure ACS is susceptible to an insecure password-storage vulnerability. This issue is due to a failure of the application to properly secure sensitive password information. \nThis issue allows attackers to gain access to encrypted passwords and to the key used to encrypt them. This allows them to obtain the plaintext passwords, aiding them in attacking other services that depend on the ACS server for authentication. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n\n\n                    Symantec Vulnerability Research                                   \n                    https://www.symantec.com/research\n                          Security Advisory\n\nAdvisory ID   : SYMSA-2006-003\nAdvisory Title: Cisco Secure ACS for Windows - Administrator \n                Password Disclosure\nAuthor        : Andreas Junestam\nRelease Date  : 05-08-2006\nApplication   : Cisco Secure ACS 3.x for Windows\nPlatform      : Microsoft Windows\nSeverity      : System access / exploit available \nVendor status : Vendor verified, workaround available\nCVE Number    : CVE-2006-0561\nReference     : http://www.securityfocus.com/bid/16743\n\n\nOverview: \n\n\tCisco Secure ACS is a central administration platform for \n\tCisco network devices. It controls authentication and \n\tauthorization for enrolled devices. Administrative \n\tpasswords for locally-defined users are stored in such a \n\tway they can be obtained from the Windows registry. If \n\tremote registry access is enabled, this can be done over \n\tthe network. The passwords are \n\tencrypted using the Crypto API Microsoft Base Cryptographic \n\tProvider v1.0. This information \n\tcan easily be obtained locally by a Windows administrator, \n\tand if remote registry access is enabled, it can be \n\tobtained over the network. With this, the clear-text \n\tpasswords can be recovered by decrypting the information \n\tin the registry with the supplied key. A locally generated master key is used to \n\tencrypt/decrypt the ACS administrator passwords. The master\n\tkey is also stored in the Windows registry in an encrypted \n\tformat. One feature of Windows \n\toperating systems is the ability to modify the permissions \n\tof a registry key to remove access even for local or \n\tdomain administrators. \n\n\tThe following registry key and all of its sub-keys need to \n\tbe protected. \n\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Cisco\\CiscoAAAv3.3\\CSAdmin\\Administrators\n\n\tNote: The \"CiscoAAAv3.3\" portion of the registry key path\n\tmay differ slightly depending on the version of Cisco Secure\n\tACS for Windows that is installed. The Windows users that need permissions to the registry\n\tkey will depend on the deployment type. \n\n\tFor information about editing the Windows registry, please \n\tconsult the following Microsoft documentation. For information on\n\trestricting remote registry access, please consult the\n\tfollowing Microsoft documentation. \n\n\t\"How to restrict access to the registry from a remote computer\"\n\n\thttp://support.microsoft.com/kb/q153183\n\n\t\"How to Manage Remote Access to the Registry\"\n\n\thttp://support.microsoft.com/kb/q314837\n\t\nRecommendation:\n\t\n\tFollow your organization\u0027s testing procedures before \n\tapplying patches or workarounds.  See Cisco\u0027s instructions\n\ton how to place an ACL on the Registry Key, and also how \n\tto restrict remote access to the Windows registry. \n\n\tThese recommendations do not eliminate the vulnerability, \n\tbut provide some mitigation. \n\n\nCommon Vulnerabilities and Exposures (CVE) Information:\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \nthe following names to these issues.  These are candidates for \ninclusion in the CVE list (http://cve.mitre.org), which standardizes \nnames for security problems. \n\n\n\tCVE-2006-0561\n\n- -------Symantec Vulnerability Research Advisory Information-------\n\nFor questions about this advisory, or to report an error:\nresearch@symantec.com\n\nFor details on Symantec\u0027s Vulnerability Reporting Policy: \nhttp://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf\n\nSymantec Vulnerability Research Advisory Archive: \nhttp://www.symantec.com/research/  \n\nSymantec Vulnerability Research PGP Key:\nhttp://www.symantec.com/research/Symantec_Vulnerability_Research_PGP.asc\n\n- -------------Symantec Product Advisory Information-------------\n\nTo Report a Security Vulnerability in a Symantec Product:\nsecure@symantec.com \n\nFor general information on Symantec\u0027s Product Vulnerability \nreporting and response:\nhttp://www.symantec.com/security/\n\nSymantec Product Advisory Archive: \nhttp://www.symantec.com/avcenter/security/SymantecAdvisories.html\n\nSymantec Product Advisory PGP Key:\nhttp://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc\n\n- ---------------------------------------------------------------\n\nCopyright (c) 2006 by Symantec Corp. \nPermission to redistribute this alert electronically is granted \nas long as it is not edited in any way unless authorized by \nSymantec Consulting Services. Reprinting the whole or part of \nthis alert in any medium other than electronically requires \npermission from cs_advisories@symantec.com. \n\nDisclaimer\nThe information in the advisory is believed to be accurate at the \ntime of publishing based on currently available information. Use \nof the information constitutes acceptance for use in an AS IS \ncondition. There are no warranties with regard to this information. \nNeither the author nor the publisher accepts any liability for any \ndirect, indirect, or consequential loss or damage arising from use \nof, or reliance on, this information. \n\nSymantec, Symantec products, and Symantec Consulting Services are \nregistered trademarks of Symantec Corp. and/or affiliated companies \nin the United States and other countries. All other registered and \nunregistered trademarks represented in this document are the sole \nproperty of their respective companies/owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFEXR5muk7IIFI45IARArK+AJwOzswbkJN2WirzNweklR+iBBHpsQCgyNOe\nvKVo3Si7ycswRs/2kiA997I=\n=dkX3\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-0561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003863"
      },
      {
        "db": "BID",
        "id": "16743"
      },
      {
        "db": "VULHUB",
        "id": "VHN-16669"
      },
      {
        "db": "PACKETSTORM",
        "id": "46315"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-16669",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-16669"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-0561",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "16743",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1016042",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "25892",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1741",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003863",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-133",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20060508 RESPONSE TO SYMANTEC SYMSA-2006-003 CISCO SECURE ACS FOR WINDOWS - ADMINISTRATOR PASSWORD DISCLOSURE",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "26307",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060508 RE: SYMSA-2006-003: CISCO SECURE ACS FOR WINDOWS - ADMINISTRATOR PASSWORD DISCLOSURE",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060508 SYMSA-2006-003: CISCO SECURE ACS FOR WINDOWS - ADMINISTRATOR PASSWORD DISCLOSURE",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "46315",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-16669",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-16669"
      },
      {
        "db": "BID",
        "id": "16743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003863"
      },
      {
        "db": "PACKETSTORM",
        "id": "46315"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-133"
      }
    ]
  },
  "id": "VAR-200605-0001",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-16669"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:02:42.865000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYMSA-2006-003.txt",
        "trust": 0.8,
        "url": "http://www.symantec.com/enterprise/research/symsa-2006-003.txt"
      },
      {
        "title": "16743",
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/16743"
      },
      {
        "title": "threaded",
        "trust": 0.8,
        "url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
      },
      {
        "title": "cisco-sr-20060508-acs.shtml",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
      },
      {
        "title": "id?1016042",
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016042"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003863"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-0561"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/16743"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.symantec.com/enterprise/research/symsa-2006-003.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/25892"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016042"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/1741"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0561"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0561"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/1741"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/26307"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/secursw/ps2086/index.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/433301"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/433679"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/433286"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/research"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org),"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/research/symantec-responsible-disclosure.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/research/"
      },
      {
        "trust": 0.1,
        "url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;256986"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/research/symantec_vulnerability_research_pgp.asc"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/avcenter/security/symantecadvisories.html"
      },
      {
        "trust": 0.1,
        "url": "http://support.microsoft.com/kb/q153183"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-0561"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security/symantec-vulnerability-management-key.asc"
      },
      {
        "trust": 0.1,
        "url": "http://support.microsoft.com/kb/q314837"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-16669"
      },
      {
        "db": "BID",
        "id": "16743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003863"
      },
      {
        "db": "PACKETSTORM",
        "id": "46315"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-133"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-16669"
      },
      {
        "db": "BID",
        "id": "16743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003863"
      },
      {
        "db": "PACKETSTORM",
        "id": "46315"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-133"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-05-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-16669"
      },
      {
        "date": "2006-05-08T00:00:00",
        "db": "BID",
        "id": "16743"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003863"
      },
      {
        "date": "2006-05-17T06:59:28",
        "db": "PACKETSTORM",
        "id": "46315"
      },
      {
        "date": "2006-05-10T02:14:00",
        "db": "NVD",
        "id": "CVE-2006-0561"
      },
      {
        "date": "2006-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200605-133"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-16669"
      },
      {
        "date": "2006-05-15T19:54:00",
        "db": "BID",
        "id": "16743"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003863"
      },
      {
        "date": "2017-07-20T01:29:52.737000",
        "db": "NVD",
        "id": "CVE-2006-0561"
      },
      {
        "date": "2006-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200605-133"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-133"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows for  Cisco Secure Access Control Server Password cracking vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003863"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "16743"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-133"
      }
    ],
    "trust": 0.9
  }
}

cve-2006-0561

Vulnerability from fkie_nvd

Published

2006-05-10 02:14

Modified

2024-11-21 00:06

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://securitytracker.com/id?1016042	Patch
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml	Patch
cve@mitre.org	http://www.osvdb.org/25892
cve@mitre.org	http://www.securityfocus.com/archive/1/433286/100/0/threaded	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/433301/100/0/threaded	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/16743	Patch
cve@mitre.org	http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1741
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26307
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016042	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25892
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/433286/100/0/threaded	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/433301/100/0/threaded	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16743	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1741
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26307

Impacted products

Vendor	Product	Version
cisco	secure_access_control_server	3.0
cisco	secure_access_control_server	3.0.1
cisco	secure_access_control_server	3.0.3
cisco	secure_access_control_server	3.1
cisco	secure_access_control_server	3.1.1
cisco	secure_access_control_server	3.2
cisco	secure_access_control_server	3.2
cisco	secure_access_control_server	3.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:windows_nt:*:*:*:*:*",
              "matchCriteriaId": "A60B49A7-B569-4485-A6B3-E14B9FB96950",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:windows_nt:*:*:*:*:*",
              "matchCriteriaId": "FA889730-B2FF-4219-BBCA-A4364BA61EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:windows_nt:*:*:*:*:*",
              "matchCriteriaId": "8731D5CC-A6F9-48DB-B1D1-FD50CEAC63D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:windows_nt:*:*:*:*:*",
              "matchCriteriaId": "810AD2C1-62DB-4839-9E05-CC4210371F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:windows_nt:*:*:*:*:*",
              "matchCriteriaId": "DFFE6A50-B704-42BB-8FFF-27E9F4D3B576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_nt:*:*:*:*:*",
              "matchCriteriaId": "535D5672-AE3F-4D5F-A253-C650298DBD2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*",
              "matchCriteriaId": "7CDA01B6-6887-40BB-B541-65F198D03219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:windows_nt:*:*:*:*:*",
              "matchCriteriaId": "E01BE6C6-4DB4-47BA-BBE6-C06359320ABB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nCisco, Secure Access Control Server, 4.0.1",
  "id": "CVE-2006-0561",
  "lastModified": "2024-11-21T00:06:44.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-05-10T02:14:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016042"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25892"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16743"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1741"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-976g-q969-v28j

Vulnerability from github

Published

2022-05-01 06:40

Modified

2022-05-01 06:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-0561"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-05-10T02:14:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key.",
  "id": "GHSA-976g-q969-v28j",
  "modified": "2022-05-01T06:40:55Z",
  "published": "2022-05-01T06:40:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0561"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016042"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25892"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16743"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1741"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2006-0561

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-0561

Aliases

CVE-2006-0561

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-0561",
    "description": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key.",
    "id": "GSD-2006-0561"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-0561"
      ],
      "details": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key.",
      "id": "GSD-2006-0561",
      "modified": "2023-12-13T01:19:51.175323Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-0561",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "16743",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/16743"
          },
          {
            "name": "20060508 Response to Symantec SYMSA-2006-003 Cisco Secure ACS for Windows - Administrator Password Disclosure",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
          },
          {
            "name": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt",
            "refsource": "MISC",
            "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
          },
          {
            "name": "1016042",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016042"
          },
          {
            "name": "25892",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/25892"
          },
          {
            "name": "ADV-2006-1741",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1741"
          },
          {
            "name": "cisco-acs-admin-password-disclosure(26307)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
          },
          {
            "name": "20060508 SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
          },
          {
            "name": "20060508 Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:windows_nt:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0561"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060508 SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
              "refsource": "BUGTRAQ",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
            },
            {
              "name": "20060508 Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
              "refsource": "BUGTRAQ",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
            },
            {
              "name": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
            },
            {
              "name": "20060508 Response to Symantec SYMSA-2006-003 Cisco Secure ACS for Windows - Administrator Password Disclosure",
              "refsource": "CISCO",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
            },
            {
              "name": "16743",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/16743"
            },
            {
              "name": "1016042",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1016042"
            },
            {
              "name": "25892",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/25892"
            },
            {
              "name": "ADV-2006-1741",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1741"
            },
            {
              "name": "cisco-acs-admin-password-disclosure(26307)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-20T01:29Z",
      "publishedDate": "2006-05-10T02:14Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2006-0561

Vulnerability from cvelistv5

var-200605-0001

Vulnerability from variot

cve-2006-0561

Vulnerability from fkie_nvd

ghsa-976g-q969-v28j

Vulnerability from github

gsd-2006-0561

Vulnerability from gsd

Tags

Sightings

Nomenclature