CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2004-1099
https://notcve.org/view.php?id=CVE-2004-1099
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. Cisco Secure Access Control Server para Windows (ACS Windows) y Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1 cuando el protocolo EAP-TLS está permitido, no maneja adecuadamente certificados expirados o no confiables, lo que permite a atacantes remotos saltarse autenticación y ganar acceso no autorizado mediante un certificado "criptográficamente correcto" con campos válidos, como el nombre de usuario. • http://www.ciac.org/ciac/bulletins/p-028.shtml http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml http://www.securityfocus.com/bid/11577 https://exchange.xforce.ibmcloud.com/vulnerabilities/17936 •