PROBLEM:
A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials.
PLATFORM:
Cisco Identity Services Engine (ISE) 1.x
ABSTRACT:
A vulnerability was reported in Cisco Identity Services Engine
REFERENCE LINKS:
SecurityTracker Alert ID: 1028965
CVE-2013-3471
IMPACT ASSESSMENT:
Meduim
DISCUSSION:
A vulnerability was reported in Cisco Identity Services Engine. A remote user can obtain authentication credentials.The system stores the username and password of an authenticated user within hidden HTML form fields. A remote or local user can conduct a cross-site scripting or clickjacking attack to access the username and password of an authenticated session.
IMPACT:
Disclosure of authentication information
SOLUTION:
The vendor has issued a fix.