Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2006-0561

CVE information

Published

16 years ago

Last Modified

5 years ago

CVSSv2.0 Severity

High

Impact Analysis

Description

Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key..

CVSSv2.0 Score

Severity
High
Base Score
7.2/10
Exploit Score
3.9/10
Access Vector
Local
Access Complexity
Low
Authentication Required
None
Impact Score
10/10
Confidentiality Impact
Complete
Availability Impact
Complete
Integrity Impact
Complete

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_n
  Yes
- -
cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:windows
  Yes
- -
cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:windows
  Yes
- -
cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:windows
  Yes
- -
cpe:2.3:a:cisco:secure_access_control_server:3.3:*:windows_n
  Yes
- -
cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_s
  Yes
- -
cpe:2.3:a:cisco:secure_access_control_server:3.1:*:windows_n
  Yes
- -
cpe:2.3:a:cisco:secure_access_control_server:3.0:*:windows_n
  Yes
- -