Cisco VPN 3000 Concentrator Groupname Enumeration Vulnerability

Cisco VPN 3000 Concentrator Groupname Enumeration Vulnerability

CVE-2005-2025 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.

Learn more about our Web Application Penetration Testing UK.