Guest

Preview Tool

Cisco Bug: CSCus83427 - Certificate Generation Through Web GUI Leaks Password

Last Modified

Feb 06, 2017

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases

8.5.0-497

Description (partial)

Symptom:
A vulnerability in certificate generating process in the web interface of the Cisco Web Security Appliance could allow an authenticated, local
attacker to access sensitive information.

The vulnerability is due to unspecified conditions in the affected software that could allow the attacker to log all processes and obtain the
password used to encrypt the private keys.

Conditions:
Device configured with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.