Cisco Bug: CSCul50704 - Jabber windows/IPAD + sip logs + sipusername and password in clear text
Feb 02, 2017
- Cisco Jabber for iPad
Known Affected Releases
Symptom: Jabber iPad user provisioning is done on the VCS Control via AD integration. All Jabber clients, however, register only on the Expressway that communicates with this Control. To enhance security, the provisioning template pushed from the VCS to the Jabber iPad clients also has a SIP username and password field set, so that the subzone for registration can be set to check credentials. However, this username and password are stored in clear text both on TMS and in the Jabber client logs. This is a big security concern, because any device with this information can register to the Expressway with the provisioned username and password.
Conditions: Based on our tests, if TLS is enabled, a Wireshark capture does not show the username and password in clear text, but they are still visible in the SIP logs of the Movi client. An end user who has access to the SIP logs will therefore be able to see the username and password.