Preview Tool

Cisco Bug: CSCup19373 - IOS AP Doesn't reject SmartPhone with wrong user name

Last Modified

Dec 01, 2014

Products (1)

  • Cisco Aironet 3700 Series Access Points

Known Affected Releases


Description (partial)

While Cisco AirProvision establishes HTTP connection with Cisco AP, it is seen that Cisco AP only validates password and not user name. For example: When AP Username / Password is set to admin/admin. Upon sending query Cisco/admin; Cisco Universal AP does allow and authenticate SmartPhone HTTP Get Query. If user manually enters invalid user name with valid password from AP command prompt, it disallows such authentication.

This is a generic limitation All Cisco Access Points via HTTP connection is getting established from WEB. While CLI validates both username and password any query sent from WLC GUI does conduct validation for embedded password only. At present Cisco Unified Access Points offer limited HTTP support when operating in Connected (CAPWAP) mode. Therefore this condition is not valid such majority of the Cisco CAPWAP Access Points and applicable to FlexConnect and Universal Access Points only.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.