PT-2007-2496 · Cisco+1 · Cisco Security Agent+2
Published: 2007-02-22 · Updated: 2017-07-29
CVE-2007-1068
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Cisco Secure Services Client (CSSC) versions 4.x
Trust Agent versions 1.x through 2.x
Cisco Security Agent (CSA) versions 5.0 through 5.1
Meetinghouse AEGIS SecureConnect Client (affected versions not specified)
Description:
The issue affects various authentication methods, including TTLS CHAP, TTLS MSCHAP, TTLS MSCHAPv2, TTLS PAP, MD5, GTC, LEAP, PEAP MSCHAPv2, PEAP GTC, and FAST, in several Cisco products. These authentication methods store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files.
Recommendations:
For Cisco Secure Services Client (CSSC) versions 4.x, update the software to remove the vulnerability.
For Trust Agent versions 1.x through 2.x, update the Trust Agent to a version that does not store authentication credentials in plaintext log files.
For Cisco Security Agent (CSA) versions 5.0 through 5.1, ensure that a non-vulnerable Trust Agent is deployed, and update the CSA software to prevent the storage of authentication credentials in plaintext log files.
For Meetinghouse AEGIS SecureConnect Client, no information is currently available about a newer version that contains a fix for this vulnerability.
Affected Products
Cisco Secure Services Client
Cisco Security Agent
Meetinghouse Aegis Secureconnect Client