Cisco Bug: CSCur41673 - ISE 1.2 - Unauthenticated Backup Password retrieval
Jun 09, 2016
- Cisco Identity Services Engine (ISE) 3300 Series Appliances
Known Affected Releases
Symptom: A vulnerability in the periodic backup functionality of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to capture the password used to encrypt the backup. The vulnerability is due to improper processing of a specific client request. An attacker could exploit this vulnerability by crafting a request designed to trigger the issue, causing the ISE to generate a reply that contains the backup password.

Conditions: Cisco ISE devices running an affected version of ISE software and configured to perform periodic backups.