CVE-2006-5806

Name of the Vulnerable Software and Affected Versions: Cisco Secure Desktop versions prior to 3.1.1.45

Description: The issue concerns the storage of sensitive browser session information in a directory outside of the vault when the SSL VPN Client is configured to spawn a web browser after a successful connection. This information is not cleared after the VPN connection terminates, allowing local users to read unencrypted data. The lack of restriction on saving files outside of the vault further exacerbates the issue.

Recommendations: For versions prior to 3.1.1.45, update to version 3.1.1.45 or later to resolve the issue. As a temporary workaround, consider restricting user access to sensitive directories and implementing additional security measures to protect unencrypted data.