Cisco Bug: CSCvv12433 - WebUI Improper Session Management
Sep 07, 2020
- Cisco IOS
Known Affected Releases
Symptom: Cisco IOS XE Web Server does not invalidate a users session if that user is deleted by another admin. Conditions: Device configured with HTTP Server. The session management is based on the cookie and it is an expected behaviour to not allow further session if the user log trys to log in after their account has been deleted, but it will not abruptly terminate the existing session; if another admin deletes their account.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases