Cisco Bug: CSCvt91693 - ENH: ASA Password-management should support user level minPwdLength field
Aug 25, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: When using LDAP with password management, the ASA queries for password settings during the domain-level attribute search. As a result, the password reset message shown to every user includes a notice asking the user to adhere to the domain default password length requirements. However, when the user has been placed in a group that is forced to adhere to an FGPP/PSO with different length/complexity requirements than the default, AnyConnect still prompts them with the domain default value instead of the FGPP-defined length. As an example: when the FGPP defined on the DC requires a 20-character minimum, the user is in fact required to adhere to this when setting the password, so the message displayed by AnyConnect is misleading.

Conditions: Active Directory groups with Fine-Grained Password Policies that have different minimum length requirements than the default policy.
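
The mismatch described above can be reproduced offline. The following is an added example, not Cisco or ASA code: it models how Active Directory picks the resultant PSO for a user (going slightly beyond the page by including the precedence rules) and compares the enforced minimum length with the domain-level minPwdLength used in the prompt. All user, group and PSO names and values are constructed, and GUID ordering is simplified to string comparison.

```python
# Added illustration with constructed data; not ASA or Cisco code.
from dataclasses import dataclass

@dataclass(frozen=True)
class PSO:
    name: str
    guid: str              # objectGUID, used only as a tie-breaker (simplified)
    precedence: int        # msDS-PasswordSettingsPrecedence (lower value wins)
    min_length: int        # msDS-MinimumPasswordLength
    applies_to: frozenset  # msDS-PSOAppliesTo: user or group names

def resultant_pso(user, groups, psos):
    """Return the PSO AD would apply to `user`, or None for the domain default."""
    direct = [p for p in psos if user in p.applies_to]
    via_group = [p for p in psos if p.applies_to & set(groups)]
    candidates = direct or via_group  # user-linked PSOs beat group-linked ones
    if not candidates:
        return None
    return min(candidates, key=lambda p: (p.precedence, p.guid))

def prompt_mismatch(user, groups, psos, domain_min_length):
    """Compare the domain-level minPwdLength with the length actually enforced."""
    pso = resultant_pso(user, groups, psos)
    enforced = pso.min_length if pso else domain_min_length
    return {
        "user": user,
        "policy": pso.name if pso else "domain default",
        "prompted": domain_min_length,  # value a domain-level query returns
        "enforced": enforced,           # value the DC checks the new password against
        "misleading": enforced != domain_min_length,
    }

# Constructed sample environment (hypothetical names and values).
DOMAIN_MIN_PWD_LENGTH = 8
PSOS = [
    PSO("Admins-PSO", "1111aaaa", 10, 20, frozenset({"VPN-Admins"})),
    PSO("Contractors-PSO", "2222bbbb", 20, 14, frozenset({"Contractors"})),
]
USERS = {
    "alice": ["Domain Users", "VPN-Admins", "Contractors"],
    "bob": ["Domain Users"],
    "carol": ["Domain Users", "Contractors"],
}

def audit():
    return [prompt_mismatch(u, g, PSOS, DOMAIN_MIN_PWD_LENGTH) for u, g in USERS.items()]

if __name__ == "__main__":
    for row in audit():
        print(row)
```

Users flagged `misleading` are the ones who would see the domain default length in the password reset notice while the domain controller enforces the longer FGPP value.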