The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Name | Vendor | Start Version | End Version |
---|---|---|---|
IOS | Cisco | 15.4(1)t (including) | 15.4(1)t (including) |
IOS | Cisco | 15.4(1)t1 (including) | 15.4(1)t1 (including) |
IOS | Cisco | 15.4(1)t2 (including) | 15.4(1)t2 (including) |
IOS | Cisco | 15.4(1)t3 (including) | 15.4(1)t3 (including) |
IOS | Cisco | 15.4(1)t4 (including) | 15.4(1)t4 (including) |
IOS | Cisco | 15.4(2)t (including) | 15.4(2)t (including) |
IOS | Cisco | 15.4(2)t1 (including) | 15.4(2)t1 (including) |
IOS | Cisco | 15.4(2)t2 (including) | 15.4(2)t2 (including) |
IOS | Cisco | 15.4(2)t3 (including) | 15.4(2)t3 (including) |
IOS | Cisco | 15.4(100)t (including) | 15.4(100)t (including) |
IOS | Cisco | 15.4t (including) | 15.4t (including) |