A vulnerability in the captive portal application of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker (or local, authenticated attacker) to potentially gain access to the username and password of an authenticated session.
The vulnerability is due to improper use of hidden HTML form fields. An attacker could exploit this vulnerability by means such as Clickjacking or leveraging known cross-site scripting (XSS) vulnerabilities. A successful exploit could allow the attacker to obtain an authenticated session username and password.
David Robinson of Context Information Security discovered and reported this vulnerability to Cisco PSIRT.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.