Guest

Preview Tool

Cisco Bug: CSCum73502 - Cisco Prime Provisioning hardening issues

Last Modified

Aug 19, 2015

Products (2)

  • Cisco Prime Collaboration
  • Cisco Prime Collaboration 9.5

Known Affected Releases

9.5

Description (partial)

<B>Symptom:</B>
Cisco Prime Provisioning is affected by the following issues:

1) Password field submitted using GET HTTP method
2) Configuration parameters passed in query strong from form fields
3) Traffic to the login page uses HTTP, instead of HTTPS
4) Session identifiers are not being regenerated on user login

<B>Conditions:</B>
Default configuration
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.