Cisco Bug: CSCup19373 - IOS AP Doesn't reject SmartPhone with wrong user name
Dec 01, 2014
- Cisco Aironet 3700 Series Access Points
Known Affected Releases
Symptom: While Cisco AirProvision establishes HTTP connection with Cisco AP, it is seen that Cisco AP only validates password and not user name. For example: When AP Username / Password is set to admin/admin. Upon sending query Cisco/admin; Cisco Universal AP does allow and authenticate SmartPhone HTTP Get Query. If user manually enters invalid user name with valid password from AP command prompt, it disallows such authentication. Conditions: This is a generic limitation All Cisco Access Points via HTTP connection is getting established from WEB. While CLI validates both username and password any query sent from WLC GUI does conduct validation for embedded password only. At present Cisco Unified Access Points offer limited HTTP support when operating in Connected (CAPWAP) mode. Therefore this condition is not valid such majority of the Cisco CAPWAP Access Points and applicable to FlexConnect and Universal Access Points only.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases