SecurityTracker.com
Category:   Device (Embedded Server/Appliance)  >   Cisco ASA
Vendors:   Cisco
Cisco ASA Test Function Discloses AAA Passwords
SecurityTracker Alert ID:  1018660
SecurityTracker URL:  http://securitytracker.com/id/1018660
CVE Reference:   CVE-2007-4786
Updated:  Apr 15 2008
Original Entry Date:  Sep 6 2007
Impact:   Disclosure of authentication information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Cisco ASA. A local user with certain privileges can view passwords.

A local privileged user can issue a 'test' command to cause the AAA username and password to be sent in plain text to the syslog service or the remote syslog server.

Cisco has assigned Cisco Bug ID CSCsj72903 to this vulnerability.

Versions prior to 7.0 are not affected.

Lisa Sittler of CERT/CC reported this vulnerability.

The original advisory is available at:

http://www.kb.cert.org/vuls/id/563673



Impact:   A local user can view passwords.
Solution:   The vendor has issued fixed versions (7.0.7.1, 7.1.2.61, 7.2.2.34, and 8.0.2.11).
Vendor URL:  www.cisco.com
Cause:   Access control error

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC