Cisco VPN 5000 Concentrator Plaintext Password

The VPN 5000 Concentrator line supports the use of a RADIUS server to authenticate client connections. An error has been reported in this authentication process when either PAP or Challenge authentication is used. If more than one authentication message is transmitted, the client password will be sent in plaintext.

Cisco has reported that this issue does not exist if CHAP authentication is used.


Privacy Statement
Copyright 2010, SecurityFocus