Vulnerabilities > CVE-2007-1068 - Credentials Management vulnerability in multiple products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

cisco

meetinghouse

CWE-255

NVD

Published: 2007-02-22

Updated: 2017-07-29

Summary

The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Secure Services Client 4.0 Cisco Secure Services Client 4.0.5 Cisco Secure Services Client 4.0.51 Cisco Security Agent 5.0 Cisco Security Agent 5.1 Cisco Trust Agent 1.0 Cisco Trust Agent 2.0 Cisco Trust Agent 2.0.1 Cisco Trust Agent 2.1	9
Application	Meetinghouse Meetinghouse Aegis Secureconnect Client Windows_Platform	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References