ID
VAR-200208-0056
CVE
CVE-2002-0848
TITLE
Cisco VPN 5000 Series concentrator RADIUS PAP Authentication vulnerability
Trust: 0.6
DESCRIPTION
Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. The VPN 5000 Concentrator line supports the use of a RADIUS server to authenticate client connections. An error has been reported in this authentication process when either PAP or Challenge authentication is used. If more than one authentication message is transmitted, the client password will be sent in plaintext. Cisco has reported that this issue does not exist if CHAP authentication is used. The Cisco VPN 5000 Series Concentrators consist of a general-purpose remote-access virtual private network (VPN) platform and client software that combines high availability, performance, and scalability with today's most advanced encryption and authentication technologies for Professional operators or enterprise users provide services. User passwords may be sent in clear text. VPN 5000 series concentrators support three RADIUS communication methods. The keyword ChallengeType in the [RADIUS] section can be set to CHAP, PAP or Challenge. When using a RADIUS server, access requests are sent to the RADIUS server, and user passwords are encrypted according to RFC regulations. If within a certain period of time due to network or configuration problems, the server does not return an Access-Accept (allowing access) packet, then the concentrator will send a retry packet, but the user password in this packet is sent in plain text. All Cisco VPN 5000 Series Concentrator hardware using software versions 6.0.21.0002 (and earlier) and 5.2.23.0003 (and earlier) are affected by this vulnerability. This series includes the 5001, 5002 and 5008 models. Older versions of the IntraPort family of concentrator hardware are also affected by this vulnerability. This series includes IntraPort 2, IntraPort 2+, IntraPort Enterprise-2 and Enterprise-8, IntraPort Carrier-2 and Carrier-8 models. VPN 3000 series concentrator hardware is not affected by this vulnerability
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | cisco | model: | vpn 5000 concentrator series software | scope: | gte | version: | 6.0.15 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 5000 concentrator series software | scope: | lte | version: | 6.0.21.0002 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 5000 concentrator series software | scope: | lte | version: | 5.2.23.0003 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 5000 concentrator series software | scope: | gte | version: | 5.2.14 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 5000 concentrator series software | scope: | eq | version: | 5.2.23.0003 | Trust: 0.6 |
| vendor: | cisco | model: | vpn 500 concentrator | scope: | eq | version: | 6.0.21.0002 | Trust: 0.6 |
| vendor: | cisco | model: | vpn 500 concentrator | scope: | eq | version: | 5.2.23.0003 | Trust: 0.6 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 5008 | Trust: 0.3 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 5002 | Trust: 0.3 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 5001 | Trust: 0.3 |
| vendor: | cisco | model: | intraport enterprise-8 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | intraport enterprise-2 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | intraport carrier-8 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | intraport carrier-2 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | intraport | scope: | eq | version: | 2+ | Trust: 0.3 |
| vendor: | cisco | model: | intraport | scope: | eq | version: | 2 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Design Error
Trust: 0.9
EXTERNAL IDS
| db: | BID | id: | 5417 | Trust: 2.0 |
| db: | NVD | id: | CVE-2002-0848 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-200208-008 | Trust: 0.7 |
| db: | XF | id: | 5000 | Trust: 0.6 |
| db: | CISCO | id: | 20020807 CISCO VPN 5000 SERIES CONCENTRATOR RADIUS PAP AUTHENTICATION VULNERABILITY | Trust: 0.6 |
| db: | VULHUB | id: | VHN-5239 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/5417 | Trust: 1.7 |
| url: | http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml | Trust: 1.7 |
| url: | http://www.iss.net/security_center/static/9781.php | Trust: 1.7 |
CREDITS
Cisco PSIRT※ psirt@cisco.com
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-5239 |
| db: | BID | id: | 5417 |
| db: | CNNVD | id: | CNNVD-200208-008 |
| db: | NVD | id: | CVE-2002-0848 |
LAST UPDATE DATE
2024-08-14T14:09:09.104000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-5239 | date: | 2018-10-30T00:00:00 |
| db: | BID | id: | 5417 | date: | 2002-08-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-200208-008 | date: | 2005-05-02T00:00:00 |
| db: | NVD | id: | CVE-2002-0848 | date: | 2018-10-30T16:25:33.607 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-5239 | date: | 2002-08-12T00:00:00 |
| db: | BID | id: | 5417 | date: | 2002-08-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-200208-008 | date: | 2002-08-12T00:00:00 |
| db: | NVD | id: | CVE-2002-0848 | date: | 2002-08-12T04:00:00 |