Preview Tool

Cisco Bug: CSCtb66678 - Security vulnerability - AD password is being sent in clear text to AD.

Last Modified

Jun 30, 2015

Products (1)

  • Cisco Secure Access Control Server Solution Engine

Known Affected Releases

5.0(0.21.8) 5.1(0.28)

Description (partial)

ACS sends the credentials to join the machine to Active Directory in clear text when using "Test Connection" button..

"Test Connection" is used during the initial setup or configuration of joining ACS with an AD Domain. Once selected a connection is 
attempted using the domain, username and password as entered. These credentials are sent in the clear.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.