Cisco Bug: CSCvu33019 - ENH: Add AAA(Radius)/DTLS support on the ASA

Last Modified

Jun 03, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.10(1.177) 9.10(1.37) 9.10(1.38) 9.10(1.39) 9.10(1.40) 9.10(1.41) 9.12(2.125) 9.12(2.130) 9.12(2.135) 9.12(2.140) 9.12(2.141) 9.12(2.145) 9.12(2.196) 9.12(2.205) 9.12(2.206) 9.12(2.26) 9.12(2.27) 9.12(2.28) 9.12(2.29) 9.12(2.30) 9.12(2.31) 9.12(2.32) 9.12(2.33) 9.12(3.10) 9.12(3.100) 9.12(3.101) 9.12(3.102) 9.12(3.11) 9.12(3.12) 9.12(3.160) 9.12(3.161) 9.12(3.167) 9.12(3.168) 9.12(3.169) 9.12(3.196) 9.12(3.205) 9.12(3.210) 9.12(3.220) 9.12(3.225) 9.13(1.10) 9.13(1.155) 9.13(1.225) 9.13(1.230) 9.13(1.231) 9.13(1.235) 9.14(0.121) 9.14(1) 9.14(1.1) 9.14(1.2) 9.14(1.205) 9.14(1.3) 9.14(1.4) 9.14(1.5) 9.14(1.6) 9.14(1.7) 9.14(1.8) 9.14(1.9) 9.15(0.150) 9.15(0.151) 9.15(0.152) 9.6(4.41) 9.8(4.163) 9.8(4.19) 9.8(4.20) 9.8(4.21) 9.8(4.235) 9.9(2.150) 9.9(2.158) 9.9(2.67) 96.4(0.51) 98.4(0.26) 98.4(0.27) 98.4(0.28) 99.10(1.110) 99.10(1.111) 99.10(1.112) 99.12(3.32) 99.12(3.33) 99.12(3.34) 99.12(3.35) 99.12(3.36) 99.12(3.37) 99.12(3.38) 99.12(3.39) 99.12(3.40) 99.12(3.41) 99.12(3.42) 99.12(3.43) 99.12(3.44) 99.12(4.1) 99.12(4.10) 99.12(4.11) 99.12(4.12) 99.12(4.2) 99.12(4.3) 99.12(4.4) 99.12(4.5) 99.12(4.6) 99.12(4.7) 99.12(4.8) 99.12(4.9) 99.13(2.28) 99.13(2.29) 99.13(2.30) 99.14(1.136) 99.14(1.137) 99.14(1.138) 99.14(1.139) 99.14(1.140) 99.14(1.141) 99.14(1.142) 99.14(11.... 99.14(11.1) 99.14(11.2) 99.14(11.3) 99.14(11.4) 99.14(11.5) 99.14(11.6)

Description (partial)

Symptom:
The RADIUS protocol defined in RFC 2865 has limited support for authentication and encryption of RADIUS packets.  The protocol transports data in the clear, although some parts of the packets can have obfuscated content.  Packets may be replayed verbatim by an attacker, and client-server authentication is based on fixed shared secrets.

Need to enhance DTLS for ISE (RADIUS)/ASA communication, as the current encryption method is too weak (MD5 password encryption).

Conditions:
-