4.3(2)g; possibly other versions [Note: This is the Firewall Manager version number, not the PIX version number]


Novacoast reports a vulnerability in the Cisco PIX Firewall Manager application that discloses the PIX device password to local users.

It is reported that PIX Firewall Manager will save the PIX firewall enable password in plaintext in an unencrypted log file when a successful connection is made. This log file apparently has no access restrictions. A local user (on the management workstation) can obtain the PIX Firewall device passwords and gain full access to the firewalls.

The application is reported to create a log file named 'PFM.LOG' in the 'C:\Program Files\Cisco\PIX Firewall Manager\protect' directory. The enable password will appear in an entry such as this:

Aug 01 2001 14:59:18 <Receiving msg> - 9004 192.168.1.100 0 0 0 1 5 **enable_pswd_here**
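
For administrators cleaning up a management workstation, the following added example (not part of the original advisory or of any Cisco tooling) scans PFM.LOG text for entries shaped like the one above, lists the devices whose enable password was logged so it can be changed, and produces a redacted copy. The field layout is inferred from the single sample entry; the function names and the sample lines are constructed for illustration.

```python
import re

# Layout assumed from the one entry quoted in the advisory:
#   <Mon DD YYYY HH:MM:SS> <Receiving msg> - 9004 <device IP> <5 numbers> <password>
# Assumption: the password is the final whitespace-free token on the line.
ENTRY = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) "
    r"<Receiving msg> - 9004 "
    r"(?P<device>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?:\d+ ){5}"
    r"(?P<secret>\S+)\s*$"
)


def audit_pfm_log(lines):
    """Return (findings, redacted_lines) for an iterable of log lines.

    findings holds one dict per exposed entry (line number, timestamp,
    device address); the secret itself is never copied into the result.
    """
    findings, redacted = [], []
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        m = ENTRY.match(line)
        if m is None:
            redacted.append(line)  # not a password-bearing entry, keep as is
            continue
        findings.append(
            {"line": lineno, "timestamp": m["ts"], "device": m["device"]}
        )
        redacted.append(line[: m.start("secret")] + "[REDACTED]")
    return findings, redacted


def devices_to_rotate(findings):
    """Unique device addresses whose enable password must be changed."""
    return sorted({f["device"] for f in findings})


# Constructed sample input (placeholder passwords, not real log data).
SAMPLE_LOG = [
    "Aug 01 2001 14:59:18 <Receiving msg> - 9004 192.168.1.100 0 0 0 1 5 ExamplePw1\n",
    "Aug 01 2001 15:00:02 constructed line that does not match the layout\n",
    "Aug 02 2001 09:12:44 <Receiving msg> - 9004 192.168.1.101 0 0 0 1 5 ExamplePw2\n",
]

if __name__ == "__main__":
    found, clean = audit_pfm_log(SAMPLE_LOG)
    print("Change the enable password on:", ", ".join(devices_to_rotate(found)))
    print("\n".join(clean))
```

Redaction alone does not fix the exposure: any password that appeared in the log should be treated as disclosed and changed on the device.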

Cisco recommends that customers upgrade to PIX version 6 and use the PIX Device Manager instead of the PIX Firewall Manager.

Cisco security alert page: http://www.cisco.com/warp/public/707/SSH-multiple-pub.html