CVE-2007-1068

Published: Feb 22, 2007Modified: Apr 23, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.

Affected (10)

Products: Cisco: Secure Services Client, Security Agent, Trust Agent · Meetinghouse: Aegis Secureconnect Client

Cisco

3 products

Secure Services Client

Security Agent

Trust Agent

Meetinghouse

1 product

Aegis Secureconnect Client

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Cisco Secure Services Client	Version 4.0.51
Cisco Secure Services Client	Version 4.0.5
Cisco Secure Services Client	Version 4.0
Cisco Security Agent	Version 5.0
Cisco Security Agent	Version 5.1
Cisco Trust Agent	Version 1.0
Cisco Trust Agent	Version 2.0.1
Cisco Trust Agent	Version 2.0
Cisco Trust Agent	Version 2.1
Meetinghouse Aegis Secureconnect Client	Version windows_platform