Reda Zitouni

Name of the Vulnerable Software and Affected Versions: Cisco IOS versions 12.2 and earlier Description: The issue allows remote attackers to identify valid usernames on the system by generating a "% Login invalid" message instead of prompting for a password when an invalid username is provided. This can be used to conduct brute force password guessing attacks. Recommendations: For Cisco IOS versions 12.2 and earlier, consider restricting access to the login functionality to minimize the risk of exploitation. As a temporary workaround, limit the number of login attempts to prevent brute force attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.