Guest

Preview Tool

Cisco Bug: CSCvi10813 - SEE-24 - Cisco Umbrella Dashboard Session Expiration Issue

Last Modified

Mar 15, 2019

Products (1)

  • Cisco Umbrella

Known Affected Releases

ALL

Description (partial)

Symptom:
Cisco Umbrella uses the internet's infrastructure to block malicious destinations before a connection is ever established. Umbrella provides
visibility into internet activity across all devices, over all ports, even when users are no longer on the corporate network. Umbrella is
configured and managed via a browser-based interface.

On March 14, 2018, the Umbrella Dashboard was updated to enforce new default session timeout values. The session timeout values were changed due
to a report by an external researcher concerned about session timer exploitation. The new session timers impact idle and absolute timeouts for
all Umbrella Dashboard sessions. Additionally, this change helps to better align the Umbrella Dashboard with OWASP recommendations.

Conditions:
An Umbrella Dashboard site prior to the fix on March 14, 2018.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.