Details of VAR-200210-0276

ID

VAR-200210-0276

CVE

CVE-2002-1105

TITLE

Cisco VPN Client Local Password Disclosure Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-094

DESCRIPTION

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. Cisco has reported that a vulnerability exists in the Windows VPN client that may result in unintended disclosure of the password. It is possible to extract the plaintext password value from a "shaded" (replaced with asterisks) field in the authentication property page using a utility. This utility may be the publicly available "Revelation" tool, however this is unconfirmed. It can be used under the Microsoft Windows operating system, and can also be used under the Linux operating system. A local attacker can exploit this vulnerability to conduct password recovery attacks and obtain group password information. There are design loopholes in the Cisco VPN client. These passwords were originally displayed with '*'. CISCO designated this vulnerability number as: CSCdt60391

Trust: 1.26

sources: NVD: CVE-2002-1105 // BID: 5650 // VULHUB: VHN-5493

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn client	scope:	eq	version:	3.1	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	2.0	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.0	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.1	Trust: 1.6
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	ne	version:	3.6	Trust: 0.3
vendor:	cisco	model:	vpn client for windows c	scope:	ne	version:	3.5.1	Trust: 0.3

sources: BID: 5650 // CNNVD: CNNVD-200210-094 // NVD: CVE-2002-1105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1105
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200210-094
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5493
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1105
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5493
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5493 // CNNVD: CNNVD-200210-094 // NVD: CVE-2002-1105

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1105

THREAT TYPE

local

Trust: 0.9

sources: BID: 5650 // CNNVD: CNNVD-200210-094

TYPE

Design Error

Trust: 0.9

sources: BID: 5650 // CNNVD: CNNVD-200210-094

EXTERNAL IDS

db:	BID	id:	5650	Trust: 2.0
db:	NVD	id:	CVE-2002-1105	Trust: 1.7
db:	CISCO	id:	20020905 CISCO VPN CLIENT MULTIPLE VULNERABILITIES - SECOND SET	Trust: 0.6
db:	XF	id:	10044	Trust: 0.6
db:	CNNVD	id:	CNNVD-200210-094	Trust: 0.6
db:	VULHUB	id:	VHN-5493	Trust: 0.1

sources: VULHUB: VHN-5493 // BID: 5650 // CNNVD: CNNVD-200210-094 // NVD: CVE-2002-1105

REFERENCES

url:	http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml	Trust: 3.0
url:	http://www.securityfocus.com/bid/5650	Trust: 2.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/10044	Trust: 2.1
url:	http://xforce.iss.net/xforce/xfdb/10044	Trust: 0.6

sources: VULHUB: VHN-5493 // BID: 5650 // CNNVD: CNNVD-200210-094 // NVD: CVE-2002-1105

CREDITS

Cisco Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200210-094

SOURCES

db:	VULHUB	id:	VHN-5493
db:	BID	id:	5650
db:	CNNVD	id:	CNNVD-200210-094
db:	NVD	id:	CVE-2002-1105

LAST UPDATE DATE

2024-11-22T22:58:41.339000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5493	date:	2017-10-10T00:00:00
db:	BID	id:	5650	date:	2002-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200210-094	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2002-1105	date:	2024-11-20T23:40:36.373

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5493	date:	2002-10-04T00:00:00
db:	BID	id:	5650	date:	2002-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200210-094	date:	2002-09-05T00:00:00
db:	NVD	id:	CVE-2002-1105	date:	2002-10-04T04:00:00