Cisco Bug: CSCvu76883 - ECE application chats auto login parameters

Last Modified

Sep 04, 2020

Products (1)

  • Cisco Enterprise Chat and Email

Known Affected Releases

11.6(1)ES7

Description (partial)

Symptom:
1. The user gets a blank page when clicking the chat entry point link hosted on a website from a different domain, when the system is using the auto-login feature, CORS (X-Frame-Options=SameOrigin) is enabled in IIS, and the user is using IE as the browser for the chat entry point. There is a syntax error in the documentation for the URL copied for the auto-login feature, and the documentation needs to be updated.

2. User parameters such as Name, Phone No., and Email ID are passed in clear text in the URL forwarded from the host website to the ECE web server. This is a security risk, as someone could impersonate the user with this information and use it for their own purposes. With other browsers such as Chrome or Firefox, auto-login works fine and user information is not passed in the URL forwarded from the host website to the ECE web server.

Conditions:
ECE version 11.6 ES7 with Chat
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
