CVE-2002-0241 Information

Description

NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS) which could allow those users to authenticate to the server.

Reference

http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml http://www.iss.net/security_center/static/8106.php http://www.securityfocus.com/bid/4048