Back to search
CVE-2002-0848
Published: Apr 2, 2003
Modified: Aug 8, 2024
PUBLISHED
Description
Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20020807 Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability
vendor-advisory
x_refsource_CISCO
cisco-vpn5000-plaintext-password(9781)
vdb-entry
x_refsource_XF
5417
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now