Cisco Bug: CSCuq39489 - Prime infrastructure checks only 8 characters for root shell password
Nov 27, 2020
- Cisco Prime Infrastructure
Known Affected Releases
Symptom: Cisco Prime Infrastructure devices may not validate the entire password length supplied for the 'root enable' and 'root' commands entered from the administrative command line interface. The vulnerability exists due to the use of an older hashing algorithm which only validates the first 8 characters of the supplied password length. This can result in extended length passwords not being properly validated. The 'root enable' and 'root' commands can only be used by an authenticated administrator. Conditions: Devices running an affected version of Cisco Prime Infrastructure.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases