Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco VPN 5000 RADIUS PAP authentication vulnerability

The Cisco VPN 5000 series concentrator running firmware versions 6.0.21.0002 and 5.2.23.003 (and prior) sends the user's password in plain text to the RADIUS server in PAP authentication validation retry request packets. Attackers sniffing the network may be able to recover the user's password.

1 REPLY
Cisco Employee

Re: Cisco VPN 5000 RADIUS PAP authentication vulnerability

Hi,

PAP as a protocol is very weak when it comes to Security, and thats why it should be avoided if you have a better way of implementing this.

Regards,

Aamir

-=-

192
Views
0
Helpful
1
Replies