Guest

Preview Tool

Cisco Bug: CSCuq39489 - Prime infrastructure checks only 8 characters for root shell password

Last Modified

Nov 27, 2020

Products (1)

  • Cisco Prime Infrastructure

Known Affected Releases

2.1(2)

Description (partial)

Symptom:
Cisco Prime Infrastructure devices may not validate the entire password length supplied for the 'root enable' and 'root' commands entered from the 
administrative command line interface.  The vulnerability exists due to the use of an older hashing algorithm which only validates the first 8 characters of 
the supplied password length.  This can result in extended length passwords not being properly validated.

The 'root enable' and 'root' commands can only be used by an authenticated administrator.

Conditions:
Devices running an affected version of Cisco Prime Infrastructure.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.