A vulnerability in the Cisco VCO/4K exposes the passwords of authorized
users in an easily decrypted format in response to a read-only SNMP query.
All currently supported releases prior to VCO/4K software version 5.1.4
are vulnerable to this defect. Version 5.1.4, currently available, contains a
fix that prevents the display of the weakly encrypted passwords. Version 5.2,
to become available in early December 2000, includes that fix as well as
multiple improvements to password encryption and handling.
Free software upgrades are offered to all affected VCO/4K customers. The
defect can be worked around by limiting access to the SNMP service on the
VCO/4K.
This vulnerability is documented as Cisco Bug ID
No other Cisco product is affected by this
This advisory is available at