• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Cisco VPN 3000 Series Concentrator Certificate Credential Disclosure Vulnerability

Cisco VPN 3000 series concentrators will disclose the certificate password in the Certificate Management web page source code. This may enable an administrative user to gain unauthorized access to the Certificate Management interface.

This would only be an issue in circumstances where the policy of an organization using the device restricts certificate management privileges to particular administrative users.