Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/26677 | third party advisory broken link |
| http://www.securitytracker.com/id?1018660 | vdb entry third party advisory broken link |
| http://www.kb.cert.org/vuls/id/MIMG-74ZK93 | third party advisory us government resource |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36473 | vdb entry third party advisory |
| http://osvdb.org/37499 | vdb entry broken link |
| http://www.securityfocus.com/bid/25548 | vdb entry third party advisory broken link |
| http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsj72903 | broken link vendor advisory |
| http://www.kb.cert.org/vuls/id/563673 | third party advisory us government resource |
| http://www.vupen.com/english/advisories/2007/3076 | vdb entry third party advisory broken link |