A vulnerability in Cisco VPN concentrators allows an attacker to enumerate valid groupnames on a through either a dictionary attack, or a brute-force attack. The issue exists because the concentrator responds to valid groupnames differently to the way in which it responds to invalid groupnames. The issue is believed to affect all models of Cisco VPN 3000 Concentrator: 3005, 3015, 3020, 3030, 3060 and 3080. It is believed that all software versions prior to 4.1.7.F are vulnerable.
2e460ecbb84d0cf7cfa5a0a6fbd7103c9f804914e042195662abb8fd2f0a6d00