Cisco Bug: CSCtb66678 - Security vulnerability - AD password is being sent in clear text to AD.
Jun 30, 2015
- Cisco Secure Access Control Server Solution Engine
Known Affected Releases
Symptom: ACS sends the credentials to join the machine to Active Directory in clear text when using "Test Connection" button.. Conditions: "Test Connection" is used during the initial setup or configuration of joining ACS with an AD Domain. Once selected a connection is attempted using the domain, username and password as entered. These credentials are sent in the clear.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases