TITLE:
Cisco VPN Concentrator Group Name Enumeration Weakness

SECUNIA ADVISORY ID:
SA15765

VERIFY ADVISORY:
http://secunia.com/advisories/15765/

CRITICAL:
Not critical

IMPACT:
Exposure of system information

WHERE:
From remote

OPERATING SYSTEM:
Cisco VPN 3000 Concentrator
http://secunia.com/product/90/

DESCRIPTION:
NTA Monitor has reported a weakness in Cisco VPN 3000 Concentrator,
which can be exploited by malicious people to gain knowledge of
certain information.

The problem is that the device returns different responses depending
on whether or not a valid group name is supplied when the device is
configured for group name authentication.

Once a valid group name is guessed, this can further be used to
obtain the hash of the group password.

SOLUTION:
Update to version 4.7.1.

Use another authentication method.

PROVIDED AND/OR DISCOVERED BY:
Roy Hills, NTA Monitor.

ORIGINAL ADVISORY:
NTA Monitor:
http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm

Cisco:
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/471con3k.htm

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

----------------------------------------------------------------------
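A defender-side sketch, added here and not part of the Secunia advisory or of any Cisco tooling: because the weakness lets a remote party test group names by the device's response, a burst of rejected attempts naming many different groups from one source is the log pattern to watch for on devices that cannot yet be updated. The log format, field names, thresholds and sample lines below are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format (an assumption, not a real Cisco format):
#   <ISO timestamp> src=<ip> ike-aggressive group=<name> result=<reject|accept>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) ike-aggressive "
    r"group=(?P<group>\S+) result=(?P<result>\w+)$"
)

# Constructed sample: one source cycling through names, one client
# retrying a single name, and one normal accepted connection.
SAMPLE_LOG = "\n".join(
    [f"2005-06-20T10:00:{i:02d} src=198.51.100.7 ike-aggressive "
     f"group=guess{i} result=reject" for i in range(6)]
    + [f"2005-06-20T10:05:{i:02d} src=203.0.113.20 ike-aggressive "
       f"group=staff result=reject" for i in range(6)]
    + ["2005-06-20T10:06:00 src=203.0.113.45 ike-aggressive "
       "group=staff result=accept"]
)

def find_enumeration(log_text, window=timedelta(seconds=60), threshold=5):
    """Return {src: peak count of distinct rejected group names seen
    inside one sliding window} for sources reaching the threshold."""
    recent = defaultdict(deque)   # src -> (timestamp, group) of rejects
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "reject":
            continue              # only failed group lookups matter here
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append((ts, m["group"]))
        while ts - q[0][0] > window:
            q.popleft()           # drop attempts older than the window
        # Count distinct names, so a misconfigured client retrying one
        # wrong name is not mistaken for enumeration.
        distinct = len({g for _, g in q})
        if distinct >= threshold:
            flagged[m["src"]] = max(flagged.get(m["src"], 0), distinct)
    return flagged

if __name__ == "__main__":
    for src, count in find_enumeration(SAMPLE_LOG).items():
        print(f"{src}: {count} distinct group names rejected within 60s")
```

Counting distinct names rather than raw failures is what separates enumeration from a single client with a stale profile; tune the window and threshold to the device's normal reject rate.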