Cisco IOS-based Devices Disclose Valid User Account Names to Remote Users
|
|
SecurityTracker Alert ID: 1007316
|
|
CVE Reference: CAN-2003-0512
(Links to External Site)
|
Date: Jul 28 2003
|
Impact: Disclosure of system information, Disclosure of user information
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Advisory: VIGILANTe
|
Version(s): 11.x - 12.2(4)JA
|
Description: An information disclosure vulnerability was reported in the AP1100 Model 1120B Series of wireless devices, but also affects all Cisco IOS-based systems. A remote user can determine if a user account name is valid or not.
VIGILANTe reported that if the telnet sevice is enabled with authentication, a remote user can determine valid account names on the
target device by using brute force guessing techniques. If the remote user specifies a valid user account name, the system will
then request a password (followed by a "% Login invalid" response if the password is not correct). If the remote user specifies
an account name that does not exist, the system will display a "% Login invalid" response and will not request a password, according
to the advisory.
The VIGILANTe advisory covers the Cisco AP1100 Model 1120B series of wireless devices. However, Cisco has indicated
that all Cisco IOS-based devices are affected (including non-wireless devices). Cisco reports that this behavior occurs if the
"aaa new-model" command is not used.
Reda Zitouni of VIGILANTe is credited with discovery.
The vendor was reportedly notified
on June 19, 2003.
|
Impact: A remote user can determine valid user account names.
|
Solution: A patch (c1100-k9w7) was reportedly released on July 3, 2003 for the Aironet devices.
For IOS-based devices in general, Cisco
has described a workaround. The preferred workaround is to disable telnet access and instead use SSH for remote administration.
A different workaround involving the use of the "add new-model" command is also described in the vendor's advisory.
The vendor
advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml
|
Vendor URL: www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml (Links to External Site)
|
Cause: Access control error, State error
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 28 Jul 2003 11:42:08 -0400
Subject: Cisco Aironet AP1100 Valid Account Disclosure Vulnerability
|
http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm
CVE: CAN-2003-0512
Versions: Firmware version 12.2(4)JA and earlier.
VIGILANTe reported a vulnerability in the Cisco Aironet AP1100 Model 1120B Series Wireless
devices.
If the telnet sevice is enabled with authentication, a remote user can reportedly
determine valid account names on the target device by using brute force guessing
techniques. If the remote user specifies a valid user account name, the system will then
request a password. If the remote user specifies an account name that does not exist, the
system will display a ""% Login invalid" response.
The vendor was reportedly notified on June 19, 2003. A patch was reportedly released on
July 3, 2003. A vendor advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml
Reda Zitouni of VIGILANTe is credited with discovery.
|
|
