CVE-2007-1068
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
Los métodos de autenticación (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, y (10) FAST en Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent versiones 1.x y 2.x, Cisco Security Agent, (CSA) versiones 5.0 y 5.1 (cuando ha sido implementado un Trust Agent vulnerable), y el Meetinghouse AEGIS SecureConnect Client, almacena las credenciales de autenticación transmitidas en archivos de registro de texto plano, lo que permite a usuarios locales obtener información confidencial por medio de la lectura de estos archivos, también se conoce como CSCsg34423.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-02-21 CVE Reserved
- 2007-02-22 CVE Published
- 2024-07-17 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://osvdb.org/33046 | Vdb Entry | |
http://www.securityfocus.com/bid/22648 | Vdb Entry | |
http://www.securitytracker.com/id?1017683 | Vdb Entry | |
http://www.securitytracker.com/id?1017684 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32626 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml | 2017-07-29 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/24258 | 2017-07-29 | |
http://www.vupen.com/english/advisories/2007/0690 | 2017-07-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Secure Services Client Search vendor "Cisco" for product "Secure Services Client" | 4.0 Search vendor "Cisco" for product "Secure Services Client" and version "4.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Secure Services Client Search vendor "Cisco" for product "Secure Services Client" | 4.0.5 Search vendor "Cisco" for product "Secure Services Client" and version "4.0.5" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Secure Services Client Search vendor "Cisco" for product "Secure Services Client" | 4.0.51 Search vendor "Cisco" for product "Secure Services Client" and version "4.0.51" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Security Agent Search vendor "Cisco" for product "Security Agent" | 5.0 Search vendor "Cisco" for product "Security Agent" and version "5.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Security Agent Search vendor "Cisco" for product "Security Agent" | 5.1 Search vendor "Cisco" for product "Security Agent" and version "5.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Trust Agent Search vendor "Cisco" for product "Trust Agent" | 1.0 Search vendor "Cisco" for product "Trust Agent" and version "1.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Trust Agent Search vendor "Cisco" for product "Trust Agent" | 2.0 Search vendor "Cisco" for product "Trust Agent" and version "2.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Trust Agent Search vendor "Cisco" for product "Trust Agent" | 2.0.1 Search vendor "Cisco" for product "Trust Agent" and version "2.0.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Trust Agent Search vendor "Cisco" for product "Trust Agent" | 2.1 Search vendor "Cisco" for product "Trust Agent" and version "2.1" | - |
Affected
| ||||||
Meetinghouse Search vendor "Meetinghouse" | Aegis Secureconnect Client Search vendor "Meetinghouse" for product "Aegis Secureconnect Client" | windows_platform Search vendor "Meetinghouse" for product "Aegis Secureconnect Client" and version "windows_platform" | - |
Affected
|