Re: [Full-disclosure] Cisco Security Advisory: RADIUS Authentication Bypass
From: cstone (cstone_at_pobox.com)
Date: 06/29/05
- Previous message: Christopher Kunz: "[Full-disclosure] Advisory 02/2005: Remote code execution in Serendipity"
- In reply to: Cisco Systems Product Security Incident Response Team: "[Full-disclosure] Cisco Security Advisory: RADIUS Authentication Bypass"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Jun 2005 12:46:14 -0400 To: Cisco Systems Product Security Incident Response Team <psirt@cisco.com>
On Wed, Jun 29, 2005 at 05:00:00PM +0200, Cisco Systems Product Security Incident Response Team wrote:
i would like to file a bug with this advisory (infinite loop):
[...]
> 4. Is there any other method between RADIUS and none?
> No: You are vulnerable.
> Yes: Go to step 5.
>
> 5. Is the other authentication method local?
> No: You are not vulnerable.
> Yes: Go to step 4.
[...]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Christopher Kunz: "[Full-disclosure] Advisory 02/2005: Remote code execution in Serendipity"
- In reply to: Cisco Systems Product Security Incident Response Team: "[Full-disclosure] Cisco Security Advisory: RADIUS Authentication Bypass"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
