Details of VAR-200312-0197

ID

VAR-200312-0197

CVE

CVE-2003-1096

TITLE

Cisco Lightweight Extensible Authentication Protocol (LEAP) uses passwords that are vulnerable to dictionary attacks

Trust: 0.8

sources: CERT/CC: VU#473108

DESCRIPTION

The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks. Successful attackers will be able to gain unauthorized access to affected networks

Trust: 1.98

sources: NVD: CVE-2003-1096 // CERT/CC: VU#473108 // BID: 8755 // VULHUB: VHN-7921

AFFECTED PRODUCTS

vendor:	cisco	model:	leap	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	leap	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#473108 // BID: 8755 // CNNVD: CNNVD-200312-100 // NVD: CVE-2003-1096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1096
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#473108
value:	18.98
Trust: 0.8
CNNVD:	CNNVD-200312-100
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-7921
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-1096
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7921
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#473108 // VULHUB: VHN-7921 // CNNVD: CNNVD-200312-100 // NVD: CVE-2003-1096

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-1096

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-100

TYPE

Design Error

Trust: 0.9

sources: BID: 8755 // CNNVD: CNNVD-200312-100

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-7921

EXTERNAL IDS

db:	BID	id:	8755	Trust: 2.8
db:	CERT/CC	id:	VU#473108	Trust: 2.5
db:	NVD	id:	CVE-2003-1096	Trust: 1.7
db:	OSVDB	id:	15209	Trust: 1.7
db:	CNNVD	id:	CNNVD-200312-100	Trust: 0.7
db:	CISCO	id:	20030803 DICTIONARY ATTACK ON CISCO LEAP VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20031003 DICTIONARY ATTACK AGAINST CISCO'S LEAP, WIRELESS LANS VULNERABLE	Trust: 0.6
db:	BUGTRAQ	id:	20040407 RELEASE OF CISCO ATTACK TOOL ASLEAP	Trust: 0.6
db:	BUGTRAQ	id:	20031006 WEAKNESSES IN LEAP CHALLENGE/RESPONSE	Trust: 0.6
db:	XF	id:	12804	Trust: 0.6
db:	EXPLOIT-DB	id:	23212	Trust: 0.1
db:	VULHUB	id:	VHN-7921	Trust: 0.1

sources: CERT/CC: VU#473108 // VULHUB: VHN-7921 // BID: 8755 // CNNVD: CNNVD-200312-100 // NVD: CVE-2003-1096

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml	Trust: 2.8
url:	http://www.securityfocus.com/bid/8755	Trust: 2.5
url:	http://www.securityfocus.com/archive/1/340119	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/340365	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/473108	Trust: 1.7
url:	http://www.osvdb.org/15209	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/12804	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=108135227731965&w=2	Trust: 1.0
url:	http://www.cisco.com/en/us/products/hw/wireless/ps5279/prod_bulletin09186a00801cc901.html	Trust: 0.8
url:	http://www.cisco.com/en/us/tech/tk722/tk809/technologies_tech_note09186a00801aa80f.shtml	Trust: 0.8
url:	http://www.cisco.com/en/us/netsol/ns339/ns395/ns176/ns178/networking_solutions_white_paper09186a00800b469f.shtml	Trust: 0.8
url:	http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.htm	Trust: 0.8
url:	http://www.computerworld.com/mobiletopics/mobile/story/0,10801,85637,00.html?f=x68	Trust: 0.8
url:	http://www.unstrung.com/document.asp?doc_id=41185	Trust: 0.8
url:	http://asleap.sourceforge.net/	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/12804	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108135227731965&w=2	Trust: 0.6
url:	http://www.cisco.com/en/us/netsol/ns110/ns175/ns176/ns178/networking_solutions_package.html	Trust: 0.3
url:	/archive/1/340119	Trust: 0.3
url:	/archive/1/340565	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=108135227731965&w=2	Trust: 0.1

sources: CERT/CC: VU#473108 // VULHUB: VHN-7921 // BID: 8755 // CNNVD: CNNVD-200312-100 // NVD: CVE-2003-1096

CREDITS

The disclosure of this issue has been credited to the vendor.

Trust: 0.9

sources: BID: 8755 // CNNVD: CNNVD-200312-100

SOURCES

db:	CERT/CC	id:	VU#473108
db:	VULHUB	id:	VHN-7921
db:	BID	id:	8755
db:	CNNVD	id:	CNNVD-200312-100
db:	NVD	id:	CVE-2003-1096

LAST UPDATE DATE

2024-08-14T14:00:47.061000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#473108	date:	2004-05-20T00:00:00
db:	VULHUB	id:	VHN-7921	date:	2017-07-11T00:00:00
db:	BID	id:	8755	date:	2003-10-03T00:00:00
db:	CNNVD	id:	CNNVD-200312-100	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-1096	date:	2017-07-11T01:29:44.290

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#473108	date:	2003-10-30T00:00:00
db:	VULHUB	id:	VHN-7921	date:	2003-12-31T00:00:00
db:	BID	id:	8755	date:	2003-10-03T00:00:00
db:	CNNVD	id:	CNNVD-200312-100	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1096	date:	2003-12-31T05:00:00