C-Note-07-004: Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability (01/18/07)

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) and the Cisco Adaptive Security Device Manager (ASDM) do not validate the Secure Sockets layer (SSL)/Transport Layer Security (TLS) certificates or Secure Shell (SSH) public keys presented by devices they are configured to connect to. Malicious users may be able to use this lack of certificate or public key validation to impersonate the devices that these affected products connect to, which could then be used to obtain sensitive information or misreport information.

This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml

CIAC would like to thank Sun for this information.