Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pix_firewall_manager | Cisco | 4.3(2)g (including) | 4.3(2)g (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0071.html
- http://www.kb.cert.org/vuls/id/639507
- http://www.securityfocus.com/bid/3419
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7265
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0071.html
- http://www.kb.cert.org/vuls/id/639507
- http://www.securityfocus.com/bid/3419
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7265