J-Security Center

Title: Cisco PIX Firewall Manager Plaintext Password Vulnerability

Severity: MODERATE

Description:

Cisco PIX Firewall Manager (PFM) is a remote management tool that can be used to configure a Cisco PIX Firewall.

After PFM is installed on the management workstation, the firewall administrator must make an initial connection to the PIX Firewall. On connecting, the administrator is prompted for the firewall's administrative password, which is then stored in plaintext in a log file. The folder that holds this log file is created by default during the PFM installation and has no access restrictions.

Any user with access to the workstation can then open the log file and obtain the administrative password for the PIX Firewall.

Note that a malicious user must first obtain access to the local workstation in order to exploit this vulnerability.
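The unrestricted log folder described above can be checked for on a management workstation. The following PowerShell audit is an added example, not part of the original advisory or of any Cisco tooling. The folder path is a placeholder (the advisory does not name it), and the list of broad groups is an assumption about what counts as "no access restrictions".

```powershell
# Added example: report broad read access on the PFM log folder and its files.
# ASSUMPTION: $LogDir is a placeholder; the advisory does not give the folder name.
param(
    [string]$LogDir = 'C:\PLACEHOLDER\PFM-install-folder'
)

# Well-known SIDs of broad groups (assumed list). SIDs are used instead of
# names so the check also works on localized Windows builds.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
$ReadMask = [System.Security.AccessControl.FileSystemRights]::ReadData

function Get-BroadReadAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited ACEs, with identities translated to SIDs.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not ($ace.FileSystemRights -band $ReadMask)) { continue }
        $sid = $ace.IdentityReference.Value
        if ($BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $LogDir -PathType Container)) {
    Write-Error "Folder not found: $LogDir"
    return
}

# Check the folder itself plus every file beneath it (the log file included).
$targets  = @($LogDir) + @(Get-ChildItem -LiteralPath $LogDir -File -Recurse |
                           ForEach-Object FullName)
$findings = foreach ($t in $targets) { Get-BroadReadAce -Path $t }

if ($findings) { $findings | Format-Table -AutoSize }
else           { "No broad read access found under $LogDir" }
```

Any row in the output is a principal that can read the folder or a file in it; an `Inherited` value of `True` means the entry comes from a parent folder's ACL rather than from the item itself.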

Affected Products:

  • Cisco PIX Firewall Manager 4.3.0(2)g
