Guest

Preview Tool

Cisco Bug: CSCvi98301 - Git1277: [dnac platform] Remote Server password & passphrase are displayed as "Clear Text" in logs

Last Modified

Aug 06, 2018

Products (1)

  • Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)

Known Affected Releases

DNAC1.1.4

Description (partial)

Symptom:
A vulnerability in logging components of Cisco DNA Center could allow an authenticated, local attacker to gain access to sensitive information.

The vulnerability is due to unsafe logging of sensitive information, including credential information, within system logs. An attacker could exploit this vulnerability by viewing system 
logs. An exploit could allow the attacker to gain access to sensitive information and conduct further attacks.

Conditions:
When configuring the Backup Server settings, the remote server password and passphrase is displayed in ''Clear Text''.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.