Cisco IOS 12.2 and previous versions generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote malicious users to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco ios 12.2\\(14.5\\)t |
||
cisco ios 12.2\\(15\\)zn |
||
cisco ios 12.2\\(11\\)ja1 |
||
cisco ios 12.2\\(14.5\\) |
||
cisco ios 12.0\\(24\\)s1 |
||
cisco ios 12.0\\(24.2\\)s |
||
cisco ios 12.2\\(16.1\\)b |
||
cisco ios 12.2\\(15.1\\)s |
||
cisco ios 12.2\\(16\\)b |