Cisco VPN 5000 series may send authentication information in cleartext
8th Aug 2002 [SBWID-5612]
COMMAND

	Cisco VPN 5000 series may send authentication information in cleartext

SYSTEMS AFFECTED

	All Cisco VPN 5000 series concentrator hardware running software
	release 6.0.21.0002 (and earlier) and 5.2.23.0003 (and earlier) are
	affected by this vulnerability. This series includes models 5001, 5002,
	and 5008.

PROBLEM

	Per Cisco bug announcement [CSCdx82483]:

	A Cisco VPN 5000 set up for RADIUS authentication using the PAP or CHAP
	protocol sends the user password in cleartext over the wire if the
	first attempt to transmit account information failed.
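
	Added example, not part of the Cisco announcement or of this archive entry: a check a defender could run over captured RADIUS Access-Request packets to flag a User-Password attribute that was not hidden as RFC 2865 section 5.2 requires. It assumes the cleartext password appears in the User-Password attribute (the page does not say where it appears); the function names, shared secret, authenticator and password are constructed for illustration.

```python
import hashlib
import struct

ACCESS_REQUEST, USER_PASSWORD = 1, 2  # RFC 2865 packet code / attribute type
# Constructed sample values, not taken from the advisory.
SECRET, AUTH, PASSWORD = b"constructed-secret", bytes(range(16)), b"Constructed-Pw1"

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 hiding: XOR each 16-byte block with an MD5 keystream."""
    pad_len = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(pad_len, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident: int, authenticator: bytes, attrs) -> bytes:
    """Assemble an Access-Request from (type, value) pairs, for the sample data."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + authenticator + body

def user_password_findings(packet: bytes) -> list:
    """Return reasons the User-Password value looks unhidden (empty list = none)."""
    if len(packet) < 20:
        return []
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        return []
    findings, pos = [], 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            break  # malformed attribute, stop parsing
        value = packet[pos + 2:pos + alen]
        if atype == USER_PASSWORD:
            text = value.rstrip(b"\x00")
            if len(value) % 16 or not 16 <= len(value) <= 128:
                findings.append("length is not a multiple of 16 in 16..128")
            if text and all(0x20 <= b < 0x7F for b in text):
                findings.append("value is entirely printable ASCII")
        pos += alen
    return findings
```

	A correctly hidden value is always 16 to 128 bytes in a multiple of 16 and is statistically very unlikely to be all printable ASCII, so either finding on a retransmitted request is worth investigating.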

SOLUTION

	See:
	http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml
