Cisco Bug: CSCul22300 - Log only valid user names for failed login attempts (SEC-USR-MESS)
Sep 24, 2019
Known Affected Releases
Symptom: Product does not meet baseline security requirement SEC-USR-MESS. When generating an audit message for a failed login attempt caused by an incorrect username/password pair: · If the username given is a valid one, then the username MUST be included in the audit message. · If the username given is not a valid one, then the username MUST NOT be included in the audit message (due to common mistake of user accidentally typing in password into the user name field). Conditions: Baseline requirement is always present.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases