Guest

Preview Tool

Cisco Bug: CSCvt92305 - [Enh] Availability of website/Source IP Bypass from Credential Encryption on WSA

Last Modified

Sep 15, 2020

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases

11.8.0-453

Description (partial)

Symptom:
Linux machines constantly receive 401 when Credential Encryption is enabled.

[calo@localhost anchors]$ wget https://www.anysite.com
--2020-04-18 17:17:52--  https://www.anysite.com
Connecting to 10.10.10.11:3128... connected.
Proxy request sent, awaiting response... 307 Proxy Redirect
Location: https://wsa67.wsalab.local/B0001D0000N0000N0000F0000S0000R0004/10.10.36.115/https://www.gov.au/ [following]
--2020-04-18 17:17:52--  https://wsa67.wsalab.local/B0001D0000N0000N0000F0000S0000R0004/10.10.36.115/https://www.anysite.com/
Connecting to 10.10.10.11:3128... connected.
Proxy request sent, awaiting response... 401 Authorization Required
Authorization failed.

Conditions:
1. wget request is initiated from Any Linux machine
2. Basic Authentication is enabled
3. Credential Encryption is enabled
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.