Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages.
http://www.securityfocus.com/bid/5612
http://www.iss.net/security_center/static/10022.php
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml