Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0848


Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0848
Last Modified 05 Sep 2008 04:29:06
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Cisco VPN 5000 series concentrator hardware and earlier, and and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.

Vulnerable Systems

Operating System

  • Cisco Vpn 500 Concentrator

  • Cisco Vpn 500 Concentrator


CISCO - 20020807 Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability

BID - 5417

XF - cisco-vpn5000-plaintext-password(9781)

Last Updated: 27 May 2016 10:37:06