Executive Summary

Summary
Title: Cisco Adaptive Security Appliance insecurely logs passwords
Information
Name: VU#563673
First vendor publication: 2007-09-05
Vendor: VU-CERT
Last vendor modification: 2007-10-01
Severity (vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact sub score: NA
Temporal score: NA
Exploitability sub score: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:A/AC:H/Au:S/C:C/I:N/A:N)
CVSS base score: 4.3
CVSS impact score: 6.9
CVSS exploit score: 2.5
Attack range: Adjacent network
Attack complexity: High
Authentication: Requires single instance

Detail

Vulnerability Note VU#563673

Cisco Adaptive Security Appliance insecurely logs passwords

Overview

The Cisco Adaptive Security Appliance (ASA) firewall may log user credentials, including passwords, as plain text when AAA authentication is enabled.

I. Description

The Cisco Adaptive Security Appliance (ASA) is a firewall with Intrusion Protection System (IPS), Stateful Packet Inspection (SPI), and routing features. The Cisco ASA includes Authentication, Authorization and Accounting (AAA) support that allows administrators and users to use a single set of credentials to manage multiple devices.

When setting up or troubleshooting the ASA's AAA authentication features, the test button can be used to confirm that the AAA service is functioning properly.

When the test button is clicked, the AAA username and password will be sent to the syslog service in plain text. If remote syslog is enabled, the credentials will be transmitted across the network in plain text, and stored on the syslog server in plain text.

In the below screenshot, the vulnerable input box has been highlighted.


II. Impact

Authentication credentials may be stored in plain text, possibly on remote servers. The credentials may also be sent unencrypted over the network.

III. Solution

See the "Systems Affected" section of this document for more information about obtaining updates.

The following workarounds may partially mitigate this vulnerability:

  • Check log files for stored AAA credentials, and change passwords if needed.
  • Use management VLANs to separate syslog network traffic from other devices on the network.
  • Use access controls, file permissions, and physical security to ensure that syslog files can not be read by unauthorized individuals.
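An added example of the first workaround above (not code from the CERT note or from Cisco): a scanner that flags syslog lines carrying an unmasked credential value, names the affected account so its password can be rotated, and produces a redacted copy of the log. The note does not quote the actual ASA message text, so the key=value layout, hostnames, users and credentials in the sample are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample syslog lines. The CERT note does not quote the exact ASA
# message text, so this key=value layout is an assumption used only to exercise
# the scanner; hostnames, users and credentials are made up.
SAMPLE_SYSLOG = """\
Sep  5 10:12:01 asa-fw1 aaa-test: user=jdoe password=Hunter2! server=10.0.0.5 result=success
Sep  5 10:12:02 asa-fw1 aaa-test: user=jdoe password=******** server=10.0.0.5 result=success
Sep  5 10:13:40 asa-fw1 conn: Built outbound TCP connection for outside:203.0.113.7/443
Sep  5 10:15:09 asa-fw1 aaa-test: user="svc admin" passwd="p@ss word" server=10.0.0.6 result=failure
"""

# Keys whose values must never be stored in a log; values may be bare or quoted.
SECRET_RE = re.compile(r'(?i)\b(password|passwd|pwd|secret)\s*[=:]\s*("(?P<q>[^"]*)"|(?P<b>\S+))')
USER_RE = re.compile(r'(?i)\buser(?:name)?\s*[=:]\s*("(?P<q>[^"]*)"|(?P<b>\S+))')
REDACTED = "<REDACTED>"

@dataclass
class Finding:
    line_no: int  # 1-based line number in the log
    host: str     # syslog host field (4th token in this layout)
    user: str     # account whose credential was logged ("" if no user field)

def _value(m):
    return m.group("q") if m.group("q") is not None else m.group("b")

def _is_masked(value):
    # A value the device already masked (e.g. "********") is not a leak.
    return value == "" or set(value) <= {"*"}

def scan_log(text):
    """Return (findings, redacted_text): one Finding per line that carries an
    unmasked credential, plus the log with those values replaced so a copy can
    be retained as evidence after the originals are purged."""
    findings, out = [], []
    for n, line in enumerate(text.splitlines(), start=1):
        if any(not _is_masked(_value(m)) for m in SECRET_RE.finditer(line)):
            tokens = line.split()
            um = USER_RE.search(line)
            findings.append(Finding(n, tokens[3] if len(tokens) > 3 else "",
                                    _value(um) if um else ""))
            # Replace only the secret value; the key stays so the event is still auditable.
            line = SECRET_RE.sub(lambda m: m.group(0) if _is_masked(_value(m))
                                 else f"{m.group(1)}={REDACTED}", line)
        out.append(line)
    return findings, "\n".join(out) + "\n"
```

Run it over a real syslog archive with `scan_log(open(path).read())`; every Finding names an account whose password should be changed, and the redacted text is what should be kept in place of the original.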

Systems Affected

Vendor: Cisco Systems, Inc.
Status: Vulnerable
Date updated: 5-Sep-2007

References

http://www.cisco.com/en/US/products/ps6120/index.html
http://en.wikipedia.org/wiki/Vlan
http://secunia.com/advisories/26677/

Credit

This vulnerability was reported and discovered by Lisa Sittler of CERT/CC.

This document was written by Ryan Giobbi.

Other Information

Date public: 09/05/2007
Date first published: 09/05/2007 11:44:01 AM
Date last updated: 10/01/2007
CERT advisory: 
CVE name: 
Metric: 0.13
Document revision: 20

Original Source

Url : http://www.kb.cert.org/vuls/id/563673

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-37 Lifting Data Embedded in Client Distributions
CAPEC-65 Passively Sniff and Capture Application Code Bound for Authorized Client
CAPEC-102 Session Sidejacking
CAPEC-117 Data Interception Attacks
CAPEC-155 Screen Temporary Files for Sensitive Information
CAPEC-157 Sniffing Attacks
CAPEC-167 Lifting Sensitive Data from the Client
CAPEC-204 Lifting cached, sensitive data embedded in client distributions (thick or thin)
CAPEC-205 Lifting credential(s)/key material embedded in client distributions (thick or...
CAPEC-258 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-259 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-260 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-319 Cleartext Transmission of Sensitive Information

CPE : Common Platform Enumeration

Type Description Count
Application 41
Os 188

Open Source Vulnerability Database (OSVDB)

Id Description
37499 Cisco Adaptive Security Appliance (ASA) PIX Cleartext Password Remote Disclosure