Cisco Bug: CSCvv35195 - XR PCE/XTC server local username/password not properly removed for REST API

Last Modified

Sep 16, 2020

Products (1)

  • Cisco ASR 9000 Series Aggregation Services Routers

Known Affected Releases

7.0.1.TOOLS

Description (partial)

Symptom:
- The XTC/PCE server is configured on the XR device (cXR/eXR).
- REST API is configured with "authentication basic" along with local username/password for the REST API users.

Conditions:
- This is a day-1 issue that affects all XR platforms (cXR and eXR); it is platform independent.
- Releases from XR 6.3.3 onwards are potentially affected; earlier releases may be affected as well.

IDENTIFICATION:

- "debug pce rest" and "debug pce rest api" are configured on the device.
- After the REST client initiates a session with an incorrect username/password, the following debugs are observed:

RP/0/RP0/CPU0:hrp1mde-401#RP/0/RP0/CPU0:Aug 11 10:17:55.426 CEST: pce_server[1141]: DBG-REST:[140472055269120] rest_peer_handle:1158 Peer <CLIENT>:33830: HTTP request (len 185): GET /topo/subscribe/txt?hostname=<HOST> HTTP/1.1^M Authorization: Basic dXN1d2FleHRjOllxRXVUYmNsZmUxUEdZNUFlWklp^M User-Agent: curl/7.29.0^M Host: <IP>:8080^M Accept: */*^M ^M
RP/0/RP0/CPU0:Aug 11 10:17:55.426 CEST: pce_server[1141]: DBG-REST-API:[140472055269120] rest_peer_handle:1234 Query string is: GET /topo/subscribe/txt?hostname=<HOST> HTTP/1.1
RP/0/RP0/CPU0:Aug 11 10:17:55.426 CEST: pce_server[1141]: DBG-REST:[140472055269120] rest_peer_handle_auth:922 User OK, password not configured -> allow    <<<<<<
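
One way to check collected debug output for this condition, as an added example that is not part of the Cisco bug record: the Python below pairs each "password not configured -> allow" decision with the request logged under the same bracketed id and masks the Basic credential that the debug prints. The sample lines are constructed from the format shown above; the function names are hypothetical, and treating the bracketed id as a per-session identifier is an assumption.

```python
import re

# Constructed sample in the format of the debugs above; all values are placeholders.
SAMPLE = """\
RP/0/RP0/CPU0:Aug 11 10:17:55.426 CEST: pce_server[1141]: DBG-REST:[140472055269120] rest_peer_handle:1158 Peer <CLIENT>:33830: HTTP request (len 185): GET /topo/subscribe/txt?hostname=<HOST> HTTP/1.1^M Authorization: Basic PLACEHOLDERBASE64^M User-Agent: curl/7.29.0^M
RP/0/RP0/CPU0:Aug 11 10:17:55.426 CEST: pce_server[1141]: DBG-REST-API:[140472055269120] rest_peer_handle:1234 Query string is: GET /topo/subscribe/txt?hostname=<HOST> HTTP/1.1
RP/0/RP0/CPU0:Aug 11 10:17:55.426 CEST: pce_server[1141]: DBG-REST:[140472055269120] rest_peer_handle_auth:922 User OK, password not configured -> allow
RP/0/RP0/CPU0:Aug 11 10:18:02.101 CEST: pce_server[1141]: DBG-REST:[140472055260000] rest_peer_handle:1158 Peer <CLIENT2>:40112: HTTP request (len 90): GET /topo/subscribe/txt HTTP/1.1^M
"""

LINE = re.compile(r"(?P<ts>\w{3} +\d+ [\d:.]+ \w+): pce_server\[\d+\]: "
                  r"DBG-REST(?:-API)?:\[(?P<ctx>\d+)\] (?P<func>\w+):\d+ (?P<msg>.*)")
REQUEST = re.compile(r"Peer (?P<peer>\S+): HTTP request \(len \d+\): (?P<req>[A-Z]+ \S+)")
ALLOW_NO_PASSWORD = "password not configured -> allow"
AUTH_HEADER = re.compile(r"(Authorization: Basic )[^\s^]+")


def redact(line):
    """Mask the Basic credential that the debug prints with the request."""
    return AUTH_HEADER.sub(r"\1<redacted>", line)


def find_allow_without_password(log_text):
    """Pair each 'password not configured -> allow' decision with the request
    logged under the same bracketed id (assumed to identify one session)."""
    last_request, findings = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ctx, func, msg = m.group("ctx", "func", "msg")
        req = REQUEST.search(msg)
        if func == "rest_peer_handle" and req:
            last_request[ctx] = (req.group("peer"), req.group("req"))
        elif func == "rest_peer_handle_auth" and ALLOW_NO_PASSWORD in msg:
            peer, request = last_request.get(ctx, ("unknown", "unknown"))
            findings.append({"time": m.group("ts"), "peer": peer, "request": request})
    return findings


if __name__ == "__main__":
    for f in find_allow_without_password(SAMPLE):
        print(f"{f['time']}  peer={f['peer']}  allowed without password: {f['request']}")
```

Run redact() over the capture before attaching it to a support case, since the debug output includes the client's Authorization header.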