CVE-2002-1092

Name of the Vulnerable Software and Affected Versions: Cisco VPN 3000 Concentrator versions 3.6(Rel) and earlier Cisco VPN 3000 Concentrator versions 2.x.x

Description: The issue allows remote VPN clients to log in using PPTP or IPSEC user authentication when the device is configured to use internal authentication with group accounts and without any user accounts.

Recommendations: For Cisco VPN 3000 Concentrator versions 3.6(Rel) and earlier, consider reconfiguring the device to include user accounts or to use an alternative authentication method. For Cisco VPN 3000 Concentrator versions 2.x.x, consider reconfiguring the device to include user accounts or to use an alternative authentication method. At the moment, there is no information about a newer version that contains a fix for this vulnerability.