Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (Embedded Server/Appliance)  >   Cisco ASA Vendors:   Cisco
Cisco ASA Test Function Discloses AAA Passwords
SecurityTracker Alert ID:  1018660
SecurityTracker URL:
CVE Reference:   CVE-2007-4786   (Links to External Site)
Updated:  Apr 15 2008
Original Entry Date:  Sep 6 2007
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco ASA. A local user with certain privileges can view passwords.

A local privileged user can issue a 'test' command to cause the AAA username and password to be sent in plain text to the syslog service or the remote syslog server.

Cisco has assigned Cisco Bug ID CSCsj72903 to this vulnerability.

Versions prior to 7.0 are not affected.

Lisa Sittler of CERT/CC reported this vulnerability.

The original advisory is available at:

Impact:   A local user can view passwords.
Solution:   The vendor has issued fixed versions (,,, and
Vendor URL: (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC