Preview Tool

Cisco Bug: CSCua89647 - CSM: IPS Updates Downloads via HTTP GET with Basic Auth (Cleartext)

Last Modified

Nov 10, 2016

Products (1)

  • Cisco Security Manager

Known Affected Releases

4.0(1) 4.1(0) 4.2(0) 4.3(0)

Description (partial)

During automatic signature update for IPS, after connecting to the Cisco website using https, CSM is redirected to the download server using plain http 
(as expected and documented), but authentication is performed again, and the CSM sends user credentials in clear text.

CSM configured for automatic update for IPS
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.