• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Cisco IPsec VPN Client Group Password Disclosure Vulnerability

Bugtraq ID:	10155
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Apr 15 2004 12:00AM
Updated:	Apr 15 2004 12:00AM
Credit:	Karl Gaissmaier is credited with discovering this issue in Linux based products, Jonas Eriksson and Nicholas Kathmann are credited with the discovery of this vulnerability in the Windows based equivalent.
Vulnerable:	Cisco VPN Client for Windows 4.0.2 C Cisco VPN Client for Windows 4.0.2 A Cisco VPN Client for Windows 3.6.1 Cisco VPN Client for Windows 3.6 (Rel) Cisco VPN Client for Windows 3.6 Cisco VPN Client for Windows 3.5.4 Cisco VPN Client for Windows 3.5.2 B Cisco VPN Client for Windows 3.5.2 Cisco VPN Client for Windows 3.5.1 C Cisco VPN Client for Windows 3.5.1 Cisco VPN Client for Windows 3.1 Cisco VPN Client for Windows 3.0.5 Cisco VPN Client for Windows 3.0 Cisco VPN Client for Windows 2.0 Cisco VPN Client for Linux 3.6.1 Cisco VPN Client for Linux 3.6 Cisco VPN Client for Linux 3.5.4 Cisco VPN Client for Linux 3.5.2 B Cisco VPN Client for Linux 3.5.2 Cisco VPN Client for Linux 3.5.1
Not Vulnerable: