Cisco has issued an update to address security holes in its Secure Access Control System (ACS).
The company said that the update would address a flaw which could potentially allow an attacker to reset passwords on user accounts, without first needing to enter the original password.
* Microsoft addresses four flaws in March Patch Tuesday
* Google patches five flaws with Chrome update
* Google patches Chrome ahead of Pwn2Own challenge
Once an attacker has changed the password, the credentials could then be used to access user accounts and perform actions under the stolen account name. The original user would be unable to log into the account.
Cisco recommends installing the latest security updates. For ACS 5.1, users are advised to install the Patch 6 release, while ACS 5.2 systems should run the Patch 3 update.
Users can check their version of ACS by entering the software’s command line interface and entering the “show version” command.
Cisco has also posted a patch for its Network Admission Control (NAC) Guest Server component. The patch fixes a vulnerability which could potentially allow an unauthorised user to bypass security protections when logging into the system.
Systems running NAC Guest Server versions prior to 2.0.3 are advised to update the software and patch the vulnerability.
Read more: http://www.v3.co.uk/v3-uk/news/2039283/cisco-patches-password-stealing-flaw-secure-access-control#ixzz1IZoy26gY
The V3 App store has games, downloads and more. Visit the store now.