Password Exposure Vulnerability in Cisco VPN Concentrator
CVE-2002-1096

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn 3000 Concentrator Series Software; Vpn 3002 Hardware Client
Vendor: CVE Published:; 4 October 2002

Summary

The Cisco VPN 3000 Concentrator suffers from a vulnerability that permits restricted administrators to access user passwords, as these are stored in plaintext format within the HTML source code. This exposes sensitive information, allowing unauthorized access to user accounts and potential compromise of the affected systems. Products in the 2.2.x and 3.x versions prior to 3.5.1 are notably at risk, highlighting the need for immediate patching and adherence to security best practices.

References

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/5611

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/10019.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Sep 6, 2002