Plaintext Password Storage Vulnerability in Cisco VPN 5000 Client for MacOS
CVE-2002-1491

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn 5000 Client
Vendor: CVE Published:; 2 April 2003

Summary

The Cisco VPN 5000 Client for MacOS versions prior to 5.2.2 contains a vulnerability that exposes the most recently used login passwords in plaintext when users save their 'Default Connection' settings. This flaw can be exploited by local users to gain unauthorized access to sensitive information, potentially compromising user accounts and security protocols. It is crucial for users to update their software to mitigate this risk.

References

http://www.cisco.com/warp/public/707/vpn5k-client-multipl...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/5736

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/10129.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Apr 2, 2003
Vulnerability Reserved
Feb 5, 2003