Remote Authentication Bypass in Cisco VPN 3000 Concentrator
CVE-2002-1092

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn 3000 Concentrator Series Software
Vendor: CVE Published:; 4 October 2002

Summary

The Cisco VPN 3000 Concentrator, specifically versions 3.6(Rel) and earlier, allows remote VPN clients to bypass intended user authentication when configured to utilize internal authentication with group accounts alone. This misconfiguration can lead to unauthorized access via PPTP or IPSEC protocols, posing significant security risks to networks relying on these VPN connections. Administrators must ensure that appropriate user accounts are established to mitigate this vulnerability.

References

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/10017

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/5613

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Sep 6, 2002