Cisco Bug: CSCvi10813 - SEE-24 - Cisco Umbrella Dashboard Session Expiration Issue
Mar 15, 2019
- Cisco Umbrella
Known Affected Releases
Symptom: Cisco Umbrella uses the internet's infrastructure to block malicious destinations before a connection is ever established. Umbrella provides visibility into internet activity across all devices, over all ports, even when users are no longer on the corporate network. Umbrella is configured and managed via a browser-based interface. On March 14, 2018, the Umbrella Dashboard was updated to enforce new default session timeout values. The session timeout values were changed due to a report by an external researcher concerned about session timer exploitation. The new session timers impact idle and absolute timeouts for all Umbrella Dashboard sessions. Additionally, this change helps to better align the Umbrella Dashboard with OWASP recommendations. Conditions: An Umbrella Dashboard site prior to the fix on March 14, 2018.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases