Vulnonym.com

CVE-2006-5660 - Melanic Fighter

Description

Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server.

Reference

http://www.cisco.com/en/US/products/products_security_advisory09186a00807726f7.shtml http://www.securityfocus.com/bid/20852 http://securitytracker.com/id?1017148 http://secunia.com/advisories/22684 http://www.kb.cert.org/vuls/id/778648 http://www.osvdb.org/30169 http://www.vupen.com/english/advisories/2006/4308 https://exchange.xforce.ibmcloud.com/vulnerabilities/29955