Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0512

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0512
Last Modified 04 Mar 2009 12:18:24
Published 27 Aug 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0512

Summary

Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.

Vulnerable Systems

Operating System

  • Cisco Ios 12.0%2824%29s1

  • Cisco Ios 12.0%2824.2%29s

  • Cisco Ios 12.2%2811%29ja1

  • Cisco Ios 12.2%2814.5%29

  • Cisco Ios 12.2%2814.5%29t

  • Cisco Ios 12.2%2815%29zn

  • Cisco Ios 12.2%2815.1%29s

  • Cisco Ios 12.2%2816%29b

  • Cisco Ios 12.2%2816.1%29b


References

CERT-VN - VU#886796

MISC - http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm

CISCO - 20030724 Enumerating Locally Defined Users in Cisco IOS

VULNWATCH - 20030728 Cisco Aironet AP1100 Valid Account Disclosure Vulnerability


Last Updated: 27 May 2016 10:37:56