CVE-2006-0561

medium

Description

Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26307

http://www.vupen.com/english/advisories/2006/1741

http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt

http://www.securityfocus.com/bid/16743

http://www.securityfocus.com/archive/1/433301/100/0/threaded

http://www.securityfocus.com/archive/1/433286/100/0/threaded

http://www.osvdb.org/25892

http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml

http://securitytracker.com/id?1016042

Details

Source: Mitre, NVD

Published: 2006-05-10

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00049