Cisco Bug: CSCul22300 - Log only valid user names for failed login attempts (SEC-USR-MESS)

Last Modified

Sep 24, 2019

Products (1)

Known Affected Releases

1.0(0)

Description (partial)

Symptom:
Product does not meet baseline security requirement SEC-USR-MESS.

When generating an audit message for a failed login attempt caused by an incorrect username/password pair:
· If the username given is a valid one, then the username MUST be included in the audit message.
· If the username given is not a valid one, then the username MUST NOT be included in the audit message (because users commonly type their password into the username field by mistake).

Conditions:
Baseline requirement is always present.
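
One way to implement the SEC-USR-MESS rule in an authentication path, as an added example (not Cisco's code). The account store, the message format and the case-insensitive lookup are assumptions made for illustration.

```python
import logging

# Constructed account store for this example: lookup key -> canonical name.
# Case-insensitive matching is an assumption of this sketch.
ACCOUNTS = {"admin": "admin", "jsmith": "jsmith"}

audit_log = logging.getLogger("audit")


def failed_login_message(submitted_name, source_ip):
    """Build the audit message for a failed login.

    The submitted string is used only as a lookup key. A known account is
    logged under its stored canonical name, never the raw input. For an
    unknown name nothing derived from the input is logged (not the string,
    its length or a hash of it), because it may be a password typed into
    the username field.
    """
    canonical = ACCOUNTS.get(submitted_name.strip().lower())
    if canonical is not None:
        return f"login failed: user={canonical} src={source_ip}"
    return f"login failed: user=<unknown> src={source_ip}"


def record_failed_login(submitted_name, source_ip):
    """Write the audit record and return the message that was logged."""
    message = failed_login_message(submitted_name, source_ip)
    audit_log.warning(message)
    return message


if __name__ == "__main__":
    logging.basicConfig(format="%(asctime)s %(name)s %(message)s")
    # Constructed inputs: a valid account with a wrong password, then a
    # password typed into the username field.
    record_failed_login("jsmith", "192.0.2.10")
    record_failed_login("Summer2019!pw", "192.0.2.10")
```

The same check belongs in every place that can emit the submitted name, including debug logs and error responses, not only the audit trail.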