CVE-2002-1096

Description

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code.

Affected products

• Cisco / vpn_3000_concentrator_series_software2.0 – 2.0
• Cisco / vpn_3000_concentrator_series_software2.5.2.a – 2.5.2.a
• Cisco / vpn_3000_concentrator_series_software2.5.2.b – 2.5.2.b
• Cisco / vpn_3000_concentrator_series_software2.5.2.c – 2.5.2.c
• Cisco / vpn_3000_concentrator_series_software2.5.2.d – 2.5.2.d
• Cisco / vpn_3000_concentrator_series_software2.5.2.f – 2.5.2.f
• Cisco / vpn_3000_concentrator_series_software3.0 – 3.0
• Cisco / vpn_3000_concentrator_series_software3.0(rel) – 3.0(rel)
• Cisco / vpn_3000_concentrator_series_software3.0.3.a – 3.0.3.a
• Cisco / vpn_3000_concentrator_series_software3.0.3.b – 3.0.3.b
• Cisco / vpn_3000_concentrator_series_software3.0.4 – 3.0.4
• Cisco / vpn_3000_concentrator_series_software3.1 – 3.1
• Cisco / vpn_3000_concentrator_series_software3.1(rel) – 3.1(rel)
• Cisco / vpn_3000_concentrator_series_software3.1.1 – 3.1.1
• Cisco / vpn_3000_concentrator_series_software3.1.2 – 3.1.2
• Cisco / vpn_3000_concentrator_series_software3.5(rel) – 3.5(rel)
• Cisco / vpn_3002_hardware_client

References

• VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
• MISChttp://www.securityfocus.com/bid/5611
• MISChttp://www.iss.net/security_center/static/10019.php