Cisco IOS-based Devices Disclose Valid User Account Names to Remote Users
|
|
SecurityTracker Alert ID: 1007316 |
|
SecurityTracker URL: http://securitytracker.com/id/1007316
|
|
CVE Reference:
CAN-2003-0512
(Links to External Site)
|
Date: Jul 28 2003
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 11.x - 12.2(4)JA
|
Description:
An information disclosure vulnerability was reported in the AP1100 Model 1120B Series of wireless devices, but also affects all Cisco IOS-based systems. A remote user can determine if a user account name is valid or not.
VIGILANTe reported that if the telnet sevice is enabled with authentication, a remote user can determine valid account names on the target device by using brute force guessing techniques. If the remote user specifies a valid user account name, the system will then request a password (followed by a "% Login invalid" response if the password is not correct). If the remote user specifies an account name that does not exist, the system will display a "% Login invalid" response and will not request a password, according to the advisory.
The VIGILANTe advisory covers the Cisco AP1100 Model 1120B series of wireless devices. However, Cisco has indicated that all Cisco IOS-based devices are affected (including non-wireless devices). Cisco reports that this behavior occurs if the "aaa new-model" command is not used.
Reda Zitouni of VIGILANTe is credited with discovery.
The vendor was reportedly notified on June 19, 2003.
|
Impact:
A remote user can determine valid user account names.
|
Solution:
A patch (c1100-k9w7) was reportedly released on July 3, 2003 for the Aironet devices.
For IOS-based devices in general, Cisco has described a workaround. The preferred workaround is to disable telnet access and instead use SSH for remote administration. A different workaround involving the use of the "add new-model" command is also described in the vendor's advisory.
The vendor advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml
|
Vendor URL: www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml (Links to External Site)
|
Cause:
Access control error, State error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 28 Jul 2003 11:42:08 -0400
Subject: Cisco Aironet AP1100 Valid Account Disclosure Vulnerability
|
http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm
CVE: CAN-2003-0512
Versions: Firmware version 12.2(4)JA and earlier.
VIGILANTe reported a vulnerability in the Cisco Aironet AP1100 Model 1120B Series Wireless
devices.
If the telnet sevice is enabled with authentication, a remote user can reportedly
determine valid account names on the target device by using brute force guessing
techniques. If the remote user specifies a valid user account name, the system will then
request a password. If the remote user specifies an account name that does not exist, the
system will display a ""% Login invalid" response.
The vendor was reportedly notified on June 19, 2003. A patch was reportedly released on
July 3, 2003. A vendor advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml
Reda Zitouni of VIGILANTe is credited with discovery.
|
|
