Guest

Preview Tool

Cisco Bug: CSCuo96011 - ESA - weak hardening of support account credential algorithm

Last Modified

Aug 29, 2018

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

7.3.2-024 7.6.3-019 8.0.1-023 8.5.5-280

Description (partial)

Symptom:
Cisco ESA includes a functionality to allow Cisco support personnel to remotely connect to the device for troubleshooting purpose.
The device includes an account that is used to provide this connection. This account can be enabled and disabled by the Cisco ESA administrator
and it is turned off by default.
To enable the account the Cisco ESA administrator needs to select a pass-phrase that this then used as seed to an algorithm that will calculate
the final password to access the device for a support representative.

The algorithm to generate the account password, starting from the pass-phrase selected by the administrator, has been found not properly
protected within the Cisco ESA binary so an attacker could potentially access this algorithm and retrieve the final support account password if
he has the knowledge of the pass-phrase set by the device administrator.

This bug is open to increase the security of the algorithm and store it in a better way on the device.

This issue has been reported to Cisco by Glafkos Charalambous.

Conditions:
An attacker would need to have a knowledge of the pass-phrase that the Cisco ESA admin used when enabled the support account, and have the
support account enabled
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.