US-CERT Vulnerability Notes Database
Vulnerability Note VU#563673

Cisco Adaptive Security Appliance insecurely logs passwords

Overview

The Cisco Adaptive Security Appliance (ASA) firewall may log user credentials, including passwords, as plain text when AAA authentication is enabled.

I. Description

The Cisco Adaptive Security Appliance (ASA) is a firewall with Intrusion Protection System (IPS), Stateful Packet Inspection (SPI), and routing features. The Cisco ASA includes Authentication, Authorization and Accounting (AAA) support that allows administrators and users to use a single set of credentials to manage multiple devices.


When setting up or troubleshooting the ASA server's AAA authentication features, the test button can be used to confirm that the AAA service is functioning properly.

When the test button is clicked, the AAA username and password will be sent to the syslog service in plain text. If remote syslog is enabled, the credentials will be transmitted across the network in plain text, and stored on the syslog server in plain text.

In the below screenshot, the vulnerable input box has been highlighted.


II. Impact

Authentication credentials may be stored in plain text, possibly on remote servers. The credentials may also be sent unencrypted over the network.

III. Solution

See the "Systems Affected" section of this document for more information about obtaining updates.


The following workarounds may partially mitigate this vulnerability:

  • Check log files for stored AAA credentials, and change passwords if needed.
  • Use management VLANs to separate syslog network traffic from other devices on the network.
  • Use access controls, file permissions, and physical security to ensure that syslog files cannot be read by unauthorized individuals.
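As an added example that is not part of this advisory, the following Python script carries out the first workaround against a syslog archive: it reports which accounts had a password written to the log (so those passwords can be changed) and produces a redacted copy of the log for retention. The wording of the ASA log message and the sample lines are constructed assumptions; the advisory does not give the exact message format.

```python
import re
from dataclasses import dataclass

# Constructed sample syslog lines. The "username=... password=..." layout is an
# assumption; the advisory does not show the actual ASA message text.
SAMPLE_SYSLOG = """\
Sep  5 10:12:01 fw01 ASA: AAA server test: server=10.0.0.5 username=admin password=Hunter2! result=OK
Sep  5 10:12:02 fw01 ASA: AAA server 10.0.0.5 reachable
Sep  5 10:13:15 fw01 ASA: AAA server test: server=10.0.0.5 username=jdoe password=S3cret result=OK
Sep  5 10:14:00 fw01 ASA: user jdoe logged in from 192.0.2.10
"""

# A user field followed, on the same line, by a password field.
CRED_RE = re.compile(
    r"\buser(?:name)?\s*[=:]\s*(?P<user>\S+)"    # username=admin / user: admin
    r".*?"
    r"\bpass(?:word|wd)?\s*[=:]\s*(?P<pw>\S+)",  # password=... / pass=...
    re.IGNORECASE,
)
# Only the password value, used for masking.
PW_RE = re.compile(r"(\bpass(?:word|wd)?\s*[=:]\s*)\S+", re.IGNORECASE)

@dataclass
class Leak:
    line_no: int
    host: str
    username: str

def find_leaked_credentials(log_text: str) -> list[Leak]:
    """Report lines carrying a cleartext password; the secret itself is never returned."""
    leaks = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = CRED_RE.search(line)
        if m:
            fields = line.split()
            host = fields[3] if len(fields) > 3 else "?"  # syslog: "Mon DD HH:MM:SS host ..."
            leaks.append(Leak(n, host, m.group("user")))
    return leaks

def redact(log_text: str) -> str:
    """Return a copy of the log with every password value replaced by <REDACTED>."""
    return PW_RE.sub(r"\g<1><REDACTED>", log_text)

if __name__ == "__main__":
    for leak in find_leaked_credentials(SAMPLE_SYSLOG):
        print(f"line {leak.line_no}: {leak.host} logged a password for user {leak.username}; change it")
```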

Systems Affected

Vendor               | Status     | Date Notified | Date Updated
Cisco Systems, Inc.  | Vulnerable | 5-Sep-2007    |

Credit

This vulnerability was reported and discovered by Lisa Sittler of CERT/CC.

This document was written by Ryan Giobbi.

Other Information

Date Public: 2007-09-05
Date First Published: 2007-09-05
Date Last Updated: 2007-10-01
CERT Advisory: (none)
CVE-ID(s): (none)
NVD-ID(s): (none)
US-CERT Technical Alerts: (none)
Metric: 0.13
Document Revision: 20

If you have feedback, comments, or additional information about this vulnerability, please send us email.
Produced 2007 by US-CERT, a government organization