Guest

Preview Tool

Cisco Bug: CSCvv97913 - [ENH] Username is not included in Login Failed CIMC audit logs.

Last Modified

Oct 06, 2020

Products (1)

  • Sourcefire Defense Center

Known Affected Releases

6.4.0.9

Description (partial)

Symptom:
Username is not included in Login Failed CIMC audit logs after installing "BIOS Update Hotfix CJ" on FMC 4000 

When login attempt is made by someone using an invalid username, the username is not included in CIMC audit logs. This is different when the CIMC interface is running the firmware version 2.0(1b) as shown in log extract below:

CIMC interface running firmware version 2.0(8d) - Invalid username (e.g. "JoeBloggs") used in login attempt is NOT included in logs

C220-FCH2040V12Z# show version
Firmware Version
--------------------
2.0(8d)
C220-FCH2040V12Z# scope cimc
C220-FCH2040V12Z /cimc # scope log
C220-FCH2040V12Z /cimc/log # show entries
Time                Severity      Source           Description
------------------- ------------- ---------------- ----------------------------------------
2020 Sep 30 07:32:11 Notice        BMC:AUDIT:25146  Login failed (ip:X.X.X.X, service:sshd)
2020 Sep 30 07:32:11 Error         BMC:dropbear:-   " pam_auth_status(sshd:auth): Login Failed for host=X.X.X.X "
2020 Sep 30 07:32:11 Critical      BMC:dropbear:-   " pam_local_manager(sshd:auth): Authentication Failure "

Conditions:
CIMC interface running firmware version 2.0(8d) - "BIOS Update Hotfix CJ"
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.