Cisco Bug: CSCuo90528 - WSA - weak hardening of support account credential algorithm

Last Modified

Feb 12, 2018

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases

7.1.3-MR-021 7.5.2-HP2-303 7.7.5-190 8.0.0-503 8.0.5-075

Description (partial)

Symptom:
Cisco WSA includes functionality that allows Cisco support personnel to connect remotely to the device for troubleshooting purposes.
The device includes an account that is used to provide this connection. This account can be enabled and disabled by the Cisco SMA administrator,
and it is turned off by default.
To enable the account, the Cisco WSA administrator must select a pass-phrase, which is then used as the seed to an algorithm that calculates
the final password a support representative uses to access the device.

The algorithm that generates the account password from the pass-phrase selected by the administrator was found not to be properly
protected within the Cisco WSA binary, so an attacker could potentially access this algorithm and retrieve the final support account password if
they know the pass-phrase set by the device administrator.

This bug is open to increase the security of the algorithm and store it in a better way on the device.

This issue has been reported to Cisco by Glafkos Charalambous.

Conditions:
An attacker would need to know the pass-phrase that the Cisco WSA admin used when enabling the support account, and the
support account would need to be enabled.