CVE-2003-0512

Sažetak

Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0056.html
http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml
http://www.kb.cert.org/vuls/id/886796
http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5824

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

27-08-2003 - 04:00