Vulnerability Note VU#563673
Cisco Adaptive Security Appliance insecurely logs passwords
The Cisco Adaptive Security Appliance (ASA) firewall may log user credentials, including passwords, as plain text when AAA authentication is enabled.
The Cisco Adapative Security Appliance (ASA) is a firewall with Intrusion Protection System (IPS), Stateful Packet Inspection (SPI), and routing features. The Cisco ASA includes Authentication, Authorization and Accounting (AAA) support that allows adminsitrators and users to use a single set of credentials to manage multiple devices.
Authentication credentials may be stored in plain text, possibly on remote servers. The credentials may also be sent unencrypted over the network.
See the "Sytems Affected" section of this document for more information about obtaining updates.
The following workarounds may partially mitigate this vulnerability:
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems, Inc.||Affected||11 Jul 2007||05 Sep 2007|
CVSS Metrics (Learn More)
This vulnerability was reported and discovered by Lisa Sittler of CERT/CC.
This document was written by Ryan Giobbi.
- CVE IDs: Unknown
- Date Public: 05 Sep 2007
- Date First Published: 05 Sep 2007
- Date Last Updated: 01 Oct 2007
- Severity Metric: 0.13
- Document Revision: 20
If you have feedback, comments, or additional information about this vulnerability, please send us email.