Software Engineering Institute

Cisco Security Agent Management Center (CSAMC) is a component of the CiscoWorks VPN. This core management software allows definition and distribution of policies, provides software updates, and maintains communications for Cisco Security Agents. Remote authentication to CSAMC can be configured using an external Lightweight Directory Access Protocol (LDAP) server. According to Cisco Security Advisory cisco-sa-20061101-csamc:

If CSAMC is configured to use LDAP for authentication, it is possible to supply a valid administrator username and blank (zero length) password and gain administrative access to the CSAMC application with the role privileges of the administrator.
Cisco states that this issue affects CSAMC 5.1 before 5.1.0.79.

A remote attacker with knowledge of a valid administrator username may be able to access the CSAMC with the role privileges of the administrator.

Update
Cisco has released an update to address this issue. See Cisco Security Advisory cisco-sa-20061101-csamc for more details.

Disable LDAP

According to Cisco Security Advisory cisco-sa-20061101-csamc:
It is possible to workaround this vulnerability by disabling external LDAP authentication and configuring administrators to authenticate against the local CSAMC database.