var-200210-0276
Vulnerability from variot
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. Cisco has reported that a vulnerability exists in the Windows VPN client that may result in unintended disclosure of the password. It is possible to extract the plaintext password value from a "shaded" (replaced with asterisks) field in the authentication property page using a utility. This utility may be the publicly available "Revelation" tool, however this is unconfirmed. It can be used under the Microsoft Windows operating system, and can also be used under the Linux operating system. A local attacker can exploit this vulnerability to conduct password recovery attacks and obtain group password information. There are design loopholes in the Cisco VPN client. These passwords were originally displayed with '*'. CISCO designated this vulnerability number as: CSCdt60391
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200210-0276",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "vpn client for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.6"
},
{
"model": "vpn client for windows c",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
}
],
"sources": [
{
"db": "BID",
"id": "5650"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-094"
},
{
"db": "NVD",
"id": "CVE-2002-1105"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Security Advisory",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-094"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1105",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2002-1105",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-5493",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-1105",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200210-094",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5493",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5493"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-094"
},
{
"db": "NVD",
"id": "CVE-2002-1105"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. Cisco has reported that a vulnerability exists in the Windows VPN client that may result in unintended disclosure of the password. It is possible to extract the plaintext password value from a \"shaded\" (replaced with asterisks) field in the authentication property page using a utility. This utility may be the publicly available \"Revelation\" tool, however this is unconfirmed. It can be used under the Microsoft Windows operating system, and can also be used under the Linux operating system. A local attacker can exploit this vulnerability to conduct password recovery attacks and obtain group password information. There are design loopholes in the Cisco VPN client. These passwords were originally displayed with \u0027*\u0027. CISCO designated this vulnerability number as: CSCdt60391",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1105"
},
{
"db": "BID",
"id": "5650"
},
{
"db": "VULHUB",
"id": "VHN-5493"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5650",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1105",
"trust": 1.7
},
{
"db": "CISCO",
"id": "20020905 CISCO VPN CLIENT MULTIPLE VULNERABILITIES - SECOND SET",
"trust": 0.6
},
{
"db": "XF",
"id": "10044",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200210-094",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5493",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5493"
},
{
"db": "BID",
"id": "5650"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-094"
},
{
"db": "NVD",
"id": "CVE-2002-1105"
}
]
},
"id": "VAR-200210-0276",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5493"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-22T22:58:41.339000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1105"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/5650"
},
{
"trust": 2.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10044"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/10044"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5493"
},
{
"db": "BID",
"id": "5650"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-094"
},
{
"db": "NVD",
"id": "CVE-2002-1105"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5493"
},
{
"db": "BID",
"id": "5650"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-094"
},
{
"db": "NVD",
"id": "CVE-2002-1105"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-5493"
},
{
"date": "2002-09-05T00:00:00",
"db": "BID",
"id": "5650"
},
{
"date": "2002-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-094"
},
{
"date": "2002-10-04T04:00:00",
"db": "NVD",
"id": "CVE-2002-1105"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-5493"
},
{
"date": "2002-09-05T00:00:00",
"db": "BID",
"id": "5650"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-094"
},
{
"date": "2024-11-20T23:40:36.373000",
"db": "NVD",
"id": "CVE-2002-1105"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "5650"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-094"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco VPN Client Local Password Disclosure Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-094"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "5650"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-094"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.