Preview Tool

Cisco Bug: CSCul22300 - Log only valid user names for failed login attempts (SEC-USR-MESS)

Last Modified

Sep 24, 2019

Products (1)

Known Affected Releases


Description (partial)

Product does not meet baseline security requirement SEC-USR-MESS.

When generating an audit message for a failed login attempt caused by an incorrect username/password pair:
· If the username given is a valid one, then the username MUST be included in the audit message.
· If the username given is not a valid one, then the username MUST NOT be included in the audit message (due to common mistake of user accidentally typing in password into the user name field).

Baseline requirement is always present.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.