The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving Default Connection settings, which could allow local users to gain privileges.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vpn_5000_client | Cisco | 5.1.2 (including) | 5.1.2 (including) |
| Vpn_5000_client | Cisco | 5.2.1 (including) | 5.2.1 (including) |
References
- http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml
- http://www.iss.net/security_center/static/10129.php
- http://www.osvdb.org/7041
- http://www.securityfocus.com/bid/5736
- http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml
- http://www.iss.net/security_center/static/10129.php
- http://www.osvdb.org/7041
- http://www.securityfocus.com/bid/5736