Preview Tool

Cisco Bug: CSCul50704 - Jabber windows/IPAD + sip logs + sipusername and password in clear text

Last Modified

Feb 02, 2017

Products (1)

  • Cisco Jabber for iPad

Known Affected Releases


Description (partial)

UserJabber IPAD provisioning on VCS control via AD integration. All Jabber clients however
register only on the expressway that communicates with this control. To enhance security, the
provisioning template that is pushed from VCS for the IPAD jabber clients also has a SIP
username and password field set so that the subzone for registration can be set to check
credentials. This username and password is however stored in clear text both on TMS and the
Jabber client logs. This is a big security concern as any device with this information can
register to the expressway with the provisioned username and password.

Based on our test we see that if the TLS is enabled the Wireshark capture would no show the
username and password in the clear text but you would still see the user name and password in
the SIP Logs of the Movi Client.

So if the end user has the access to the SIP Logs he will be able to see the username and password.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.