Cisco VPN Concentrator Groupname Enumeration Weakness

Cisco VPN Concentrator is affected by a remote groupname enumeration weakness. This issue is due to a design error that could assist a remote attacker in enumerating groupnames.

Reportedly, once the attacker has verified a groupname they can obtain a password hash from an affected device and carry out bruteforce attacks against the password hash.

A valid groupname and password pair can allow the attacker to complete IKE Phase-1 authentication and carry out man-in-the-middle attacks against other users. This may ultimately allow the attacker to gain unauthorized access to the network.

All Cisco VPN Concentrator 3000 series products running groupname authentication are considered vulnerable to this issue.

This issue is tracked by the following Cisco BUG IDs:

CSCeg00323, CSCsb38075, and CSCsf25725 - for the Cisco VPN 3000 Series Concentrators
CSCei29901 - for the Cisco PIX 500 Series Security Appliances running code version 7.x
CSCei51783 - for the Cisco ASA 5500 Series Adaptive Security Appliances running code version 7.x
CSCsb26495 and CSCsb33172 - for Cisco IOS® software


Privacy Statement
Copyright 2010, SecurityFocus