allan
04-24-03, 12:36 PM
http://www.cisco.com/warp/public/707/cisco-sa-20030424-catos.shtml
This only applies to CatOS version 7.5(1):
"Anyone who can obtain command line access to an affected switch can bypass password authentication to obtain "enable" mode access without knowledge of the "enable" password. If local user authentication is enabled, a valid username can be used to gain access to the switch without a valid password. This same local user could then enter enable without a valid password."
Make sure you upgrade, especially if you are using telnet to access your switches.
This only applies to CatOS version 7.5(1):
"Anyone who can obtain command line access to an affected switch can bypass password authentication to obtain "enable" mode access without knowledge of the "enable" password. If local user authentication is enabled, a valid username can be used to gain access to the switch without a valid password. This same local user could then enter enable without a valid password."
Make sure you upgrade, especially if you are using telnet to access your switches.