Guest

Preview Tool

Cisco Bug: CSCvv12433 - WebUI Improper Session Management

Last Modified

Sep 07, 2020

Products (1)

  • Cisco IOS

Known Affected Releases

16.12.4

Description (partial)

Symptom:
Cisco IOS XE Web Server does not invalidate a users session if that user is deleted by another admin.

Conditions:
Device configured with HTTP Server.

The session management is based on the cookie and it is an expected behaviour to not allow further session if the user log trys to log in after their account has been deleted, but it will not abruptly terminate the existing session; if another admin deletes their account.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.