After doing quite a bit of investigation on the LocalDirector password loss question, we've been unable to reproduce it and unable to find anything in the code that would explain it. The reporting customers also can't reproduce it. We *can*, however, see ways in which a user could lose the password and not know it. At this point, we think it was very probable that the reports were caused by user errors. We'll be fixing the user interface to make it more difficult to lose your password without knowing it. We'll also be doing some more testing to make sure the software isn't really broken. At this point, however, we believe the initial report to have been an error. A formal update to the field notice is attached to this message. -- John B -----BEGIN PGP SIGNED MESSAGE----- Field Notice: Cisco LocalDirector Enable Password Loss November 25, 1997, 10:00 AM US/Pacific, Revision 4 - ------------------------------------------------------------ Summary - ----- At least three customers have reported losing their enable passwords upon upgrading to version 1.6.3 of Cisco's LocalDirector product. Affected systems allow users to enter privileged mode without providing the correct enable password; any string will suffice as a password. This applies only to the privileged-mode enable password; the Telnet access password does not appear to be affected. The reported behavior was total loss of the configured enable password; the systems in question were simply left without enable passwords. An earlier version of this notice attributed this to a possible software malfunction, and suggested that users refrain from upgrading to version 1.6.3, and that they disable Telnet access to their LocalDirectors by nonadministrative users. Cisco has conducted an investigation, and now believes that the reported LocalDirector password losses were most probably caused by user error. Because a LocalDirector with no enable password set will still ask the user for a password, and will accept any string, any accidental loss of the enable password is likely to persist. Cisco will continue investigating this matter in order to make absolutely certain that the LocalDirector software does not lose passwords, but recommends that customers stand down from alert status and proceed cautiously with LocalDirector upgrades. Cisco will modify the LocalDirector software to make it more difficult for users to lose their enable passwords without knowing it. Who Is Affected - ------------- Although we believe that the reported incidents were probably caused by user error, such errors are easy to make. All LocalDirector customers should check to see that their enable passwords are being enforced properly. Use the enable command to enter privileged mode, and give an invalid password. If the invalid password is not accepted, you are not affected. If the invalid password is accepted, make sure you have an enable password set, using the write terminal command. If your enable password appears as a string of zeroes followed by the word "encrypted", then you have no enable password set. If you have a password set, or if you are absolutely sure that you had a password that had been set and saved to the nonvolatile configuration, but that password has now disappeared without any intervention on your part, please contact Cisco Systems immediately via e-mail to "security-alertat_private" In the unlikely event that there actually is a software error, that error probably affects all 1.6.x versions of the LocalDirector software. However, version 1.6.3 is the only 1.6.x version that has been released to Cisco's general customer base, and Cisco discourages the use of other 1.6.x versions because of possible software instability. Because the LocalDirector code is almost entirely separate from the code used in other Cisco products, it is nearly impossible that any product other than the LocalDirector is affected by any software error, although of course user errors can happen with any product. Classic \cisco IOS, as used on Cisco routers, shares absolutely no password or configuration management code with the LocalDirector, and is therefore definitely not affected. WAN-BU and WBU products, including Catalyst switches and FastPacket switches, are likewise definitely not affected. Impact - ---- If a LocalDirector has no enable password, then any person who can log into the system via Telnet or over its its console port can reconfigure or shut down the LocalDirector. Workarounds - --------- Cisco recommends that customers take the following steps. Most of these are things that should be done regardless of whether or not there's any problem with the LocalDirector software. 1. Check to make sure that enable passwords are being enforced by all LocalDirectors. If you find that a LocalDirector is not enforcing its enable password, changing the password using the enable password configuration command should reactivate the password. Remember to save the new password using the write memory command. Recheck password enforcement after any software upgrade or downgrade. If you are certain that a formerly working enable password has been lost by the software, please contact Cisco via e-mail to security-alertat_private 2. Make sure that you have configured a Telnet access password for your LocalDirector using the password configuration command. If you're not sure of the secrecy of your Telnet password, consider changing it. Do not give untrustworthy persons Telnet access to your LocalDirector. 3. Consider using firewalling devices to block Telnet access from untrusted hosts, and/or restricting access from remote hosts using the address-and-mask feature of the LocalDirector telnet configuration command. If you have a dial-in modem connected to your LocalDirector's console port, or if you have the console port connected to a network device that allows remote access, protect the console using the authentication features of the modem or network device to which it is connected. Exploitation and Public Announcements - ----------------------------------- Cisco has had no reports of malicious exploitation of this vulnerability, if indeed any vulnerability exists. This issue was first brought to Cisco's attention by a public announcement on the bugtraqat_private mailing list on Thursday, November 13, 1997. There has been some subsequent discussion on that mailing list. Cisco issued a preliminary notice about this issue on November 16, 1997. Investigation Details - ------------------- Cisco's investigation of this issue has included: * Extensive and repeated attempts by independent groups in customer support and in software development to reproduce the problem in the laboratory, using a number of LocalDirectors under a variety of conditions. * Telephone and/or e-mail discussion with all the reporting users. * A review of the system source code by the software development group. One of the Cisco groups trying to reproduce the problem believed that they had seen it recur. However, this was during a very early phase of the laboratory work, just as the test configuration was being set up, and before detailed experimental records were being kept. Since confusion and error are very common in such situations, Cisco believes it to be entirely plausible that the observation was an error, perhaps caused by failure to issue a write command. Cisco has been otherwise unable to induce a LocalDirector to lose a password, despite aggressive attempts to do so. None of the reporting users has been able to reproduce the problem, or to provide Cisco with an exact account of the conditions under which her password may have been lost. Each customer observed that a LocalDirector which was believed formerly to have had an enable password no longer had such a password, but none could give a detailed sequence of events or provide enough information to allow the problem to be reproduced. * In one of the three cases, the password loss had occurred at an undetermined time, perhaps long in the past, and the user thought that it was possible that the password loss error scenario below might apply. * In the second case, the user was unsure of the sequence of events. * In the third case, the user's password apparently had not actually been lost. The source code review identified no problems. The code in question is relatively straightforward, and appears to have little potential for hidden bugs. Password Loss Scenarios - --------------------- We've come up with two scenarios in which a LocalDirector might end up without an enable password when a user thought that it should have such a password. The first possibility is that the user confuses the password command, which sets the password for remote access, with the enable password command, which sets the password for administrative access. If this happened, there would be no enable password, but the user might think one had been set. The second scenario is particularly plausible in an upgrade. If a user saved the configuration from a running LocalDirector by saving the output of show config, and then erased the LocalDirector's configuration memory, upgraded the software, and pasted the saved configuration back into the system, the passwords would be lost. This is because show config does not display any password-related information. Because a LocalDirector with no enable password set will accept any string, either of these mistakes might easily go unnoticed for a very long time. Future Work and Updates - --------------------- Cisco will continue working to verify that the LocalDirector password maintenance software is error free. Updated versions of this notice will be posted on Cisco's Worldwide Web site if more information becomes available. Notice will be posted widely if any genuine password loss problem is found. Cisco will modify the LocalDirector software's password prompting and checking behavior in the case where a password is not set; the new software will no longer accept any string as a password in this case. We expect that this will make it more difficult for a user to lose a password without knowing it. The change is tentatively scheduled for the first quarter of 1998, but that schedule is subject to change. Distribution of This Notice - ------------------------- This notice is being sent to the following Internet mailing lists and newsgroups: * ciscoat_private * comp.dcom.sys.cisco * bugtraqat_private * first-teamsat_private (includes CERT/CC) Updates will be sent to some or all of these, as appropriate. This notice will be posted in the Field Notices section of Cisco's Worldwide Web site, CCO, which can be found under Technical Tips in the Service and Support section. The copy on the Worldwide Web will be updated as appropriate. The URL is http://www.cisco.com/warp/public/770/ldpass-pub.shtml. Cisco Security Procedures - ----------------------- Please report security issues with Cisco products, and/or sensitive security intrusion emergencies involving Cisco products, to security-alertat_private Reports may be encrypted using PGP; public RSA and DSS keys for security-alertat_private are on the public PGP keyservers. The alias security-alertat_private is used only for reports incoming to Cisco. Mail sent to security-alertat_private goes only to a very small group of users within Cisco. Neither outside users nor unauthorized Cisco employees may subscribe to security-alertat_private We will shortly be creating a security announcement mailing list for outgoing information. When that list is created, an announcement will be sent to appropriate Internet forums. Revision History - -------------- Revision 2, 09:00, Preliminary notice 16-NOV-1997 Revision 4, 10:00, Updated notice. Password losses formerly 25-NOV-1997 attributed to software failure now attributed to user error. This notice is copyright 1997 by Cisco Systems, Inc. This notice may be redistributed freely provided that redistributed copies are complete and unmodified, including all date and version information. -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQEVAwUBNHs7SwyPsuGbHvEpAQFeLwf/eH7Wzfy2tH3ieX3WmcmxJ53AkriXZge0 K5stvsZxIaYi8kalh39/bjpe9/looHbMtmMtlQfy1fY9CFD3fZ9UZa1DZi1NEMa4 78xAH7jgo885qBT9/a1vFU+FHobmkUXxEBFLW1//qGjFWtoeV/YTKpE7TqQTy/E0 R6zJlZJ9NSAQq6xv/h0aBVHlxQPJggBe6BRyJvXS7nuL98IPw1ttY35IeppT2Bqy q46FxjqejPDSnuYlxu6fmm7pEDRaqRRajLgptKwW4H6broT7N2p73BWqCPUeXNOX NSQqyWyhopA9PoU7jPK5Ql3b9ZUKSxI3VChTlHYCGzSLseGOGk38JA== =uLHt -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP for Personal Privacy 5.0 mQGhBDPvjDARBAD82RXM1EyVSEpL6mpDMyxI8Scc22yVqRYL+Ckv0SXHEPaZNIgQ blVx32jyfnmGIZeVYK2sDRTB6vXJt1k+R5HRRhTG7fB0f309gT/Zgmk64zC7L4nL Qp6fNEVJLfxRdrwXCOPfBf56Y8vKBFZSvwK4qLNHurMP2MVUuYfCl2UpHwCg/6Wz FTHW34HvDKgD+3k0ap0lMq8EAME9i5IEdwTnGO2zsyyc/gw6QKoSGNEkbGmciZuk AQTulVKQpYMv1jIm6Uy91HbsR0mUWxPzCBPCvJzvZOW0O+AJq4m/h1dQD2kdIHt+ nYAdfZjY26YUpB6gfFmQucGhH/o8GfhkmN6Lw21+gx4lctfia2/46poasCNo961y KyuQA/ID6qpHargBoOk2n/av9jV1Rox8vhYVGwQhmVpYVUMzdw8ldo3CejaqyW97 IyOU7tZo4WUzJ2Z3sG0DHdim+VoeDjb5hsd34MzoGL7KjRFGldbNr2H/DhmItLyz xJ5YXgMXNGy3IhfOjCwZsGhZ1eTddxbD7rb7+VN/ROhTpCSXtEdDaXNjbyBTeXN0 ZW1zIFByb2R1Y3QgU2VjdXJpdHkgSW5jaWRlbnQgUmVzcG9uc2UgVGVhbSA8cHNp cnRAY2lzY28uY29tPrRQQ2lzY28gU3lzdGVtcyBwcm9kdWN0IHNlY3VyaXR5IGlu Y2lkZW50L2J1ZyByZXBvcnRpbmcgPHNlY3VyaXR5LWFsZXJ0QGNpc2NvLmNvbT65 Ag0EM++MTxAIANfnEviV6GSqF/7SMetsaCkKUe/TmcEtoYRdE9ZorvLlruvSaFHM gXCg4SqyC689BJJBaKN2MTYIV0T3idlbHp4mXHDyU28tTEFenA9m4ER0PxEO/wIT I3XoOO7SCxUnxyvxPy8Jn9PYBHMpF+iWqUbzLsX4tZI7LJj73i0vi+5tGNaBBFu4 cD2UJis7lb/CSK7bb4RJ6lHYVWHtbcFApwSRheeusvN0YwKpPg5hy6gwaUSKtddJ DadcJcQ/G2I820onsqgYRfDncEBYuLavuu2h5CuR+Qz6jrwNUAX1f6UxC2WYY7ts p+wzQJ9VuTnKQEFPc6GIoiSSeyV3KibzVZ8AAgIIAKDBdTFi6kQSB1+x7XQgQ8SN L0HFjtr25TMJr/eeU6m1NkrtCVg3llA+lhTmpork6ZDu3GXp/IW02o246G57Z23p HU1VkEwjsWl1sdUY5QH+wIV6uZJubZW1TroDI86l0m7WeWC+mqQXn6GuvkX+YpF5 qU1OCY9Pnen6sWkYXiqE5LW3USyYxglTac8EQqcs3JYevV1/M6oTWXdMSEDV2/Bq d9g5qZBYQFkkftdW6YsJPMGgn2EIyu4kTyazk3UafH/yqemCbGX6S5j3krCoIMwf UpeOHPB1OxACLB0loA2cwCpq5p7WhXUCyRuqdXYN50NUrmKDo8+hsL/e89PofQWZ AQ0DM++M2AFtAQgA0rsqUAdCxqMH23R11iGtk2Zo6fI8vxPkllEOru5J/cd9dn2B wT4NTf/b9O4JruX8/R9uWlS3E6jYVJyN2Dpl39X7wUf77B8fsY/4zaUkjDU39Q2E t+pR7tElm0C8BvZVGkDelXzXqeCTQfu1vZHICy7cfsy/BMNlpn93OEz/jS4PPZs5 SORqjEL9wouw/44MvJ08rdc/OOr1eKkLcBfzMMtuMAxLI1OlA/hzY28h/pfhDhAP 7Jkm7R1gDyL9ALYX1xvixPp8q2hEQ3BUtCEfCTHAouqbKiQss5ntC9DDVGqzxlQT ijk4V1/Re+pbb4LX4JZDln3ztkcMj7Lhmx7xKQAFEbRHQ2lzY28gU3lzdGVtcyBQ cm9kdWN0IFNlY3VyaXR5IEluY2lkZW50IFJlc3BvbnNlIFRlYW0gPHBzaXJ0QGNp c2NvLmNvbT6JARUDBRAz74zYDI+y4Zse8SkBAWVjCACT3Ia+8fVGzPd1ACBvMFGI Dry7lhhf9vz+flpOu3ErVn0qW2N0ONxT+u/Z+qbCGxz1DYlgTWt7+KJRS7FNNdzE J2ct9nvnDo/u/VdoTwdtpe9RtiYW4rG+HMjqCdnc5YSpVD8/VEHvPNLAe28wA6au S3L68XPyDjfa0N5T9YSJ/Q8B41qyxWMgETeZIVyegX0/BHv73zegsj5BRPP4pnem juvsRMVcFqJ7wxjm8yjZrR2zoZSysxWkWInbOu5IIlAm9VWh71VP2mD3Z8fDq9Jh kF/qNw937eRSMBwBlCPkmS6jlC0Nz4mkKzoDglL6eTZQ9iKwU5/EeNHZu/f3rKaV iQA/AwUQM++M9JaBp3w9UuB/EQLzmwCgtbsVjd1ZZcuJkPoVs3cbzX9JibYAoLcQ 8+WP7M0y3zdSUEhHToFY6E+ZiQA/AwUQM++N6GFYFsU6zlX+EQKEywCggc3awk02 yj6RivcbYFn3Qon77scAn29CR0lHAjsdLIv6LJ9BLdhXiK8piQCVAwUQM++6KXem vD4nAHb9AQG6OQQAq/GzwDk4yT9MPy25AwBMgsPGePRkZ6kBXTBsmMnHxthDniyE Xqvg6XJYRU86f2wyfzVDJY55qmukl9haCqe3Inxo7gyHaB8ji4rMqfmEn2fjbiAv dw5wlQqYBEEYWAviAHpBlTqT7naq5u/TyAdgENROnFu1jLT39uJ4RPpO7o2JAHUD BRAz8OcoAFBd0vcu1XkBAQHWAwCe0KmW5QKgf1Kmf7hEEpBT2pViNkv3J7tB33Py 4ohQYztUUwP8QJq9EQR3qCBgUJfa3VhXWPrzTn6hE7H/GHEJ7g5IbY9fo1DHcxyE xaBBKIEoWKR/FdxsNPBTgcaT9TyJAJUDBRAz8OTdGKb4qo5nGiEBAU7QA/4+RFkA yy4YnrZc6Y7btnCgHXIwH4tqFL3NaVVS4KsGzQ2WgLRRz1rJ3D61aqvk9Tz3vY5m YwjWY+eOwBqjuEl5UUQqY2kn6c8XHnp+Y7XfwPqH7V5hixcwSTHgU0diav+E/1FP sm6oUKEHh4cC0vfsYOjqlSoilF1sjqKZT5MZZIkAlQMFEDPw6Yx61S0GnPSVuQEB meoD/1VyOvmqnEQsTBiYmEGKHgSFrRs95vEOlP/ANCVYXwpBVP51Vrj+RcNkNJAQ 5xX5D5nRgDGoUVpYcjUJivalH6MOrPHF2zG/As9onZira+dv9SjM/MJhdpGvx0oT YtpGlQh79+uloqCAZ9P4c/flZZICRLjI/3Uj73HDbEAcLsX8iQA/AwUQM/DxS7iw R2HEkUMHEQJK7gCfRWzVa9mGDX4X2BdUB1Z5l5DCM+MAn2SIHiZS3o94TVhp+jTL 2HWHbnPjiQCVAwUQM/DpqtRZvFG/tj1hAQGsZgP8DJgX+4foQlVnDD+gBKXmnG3Z D1hHkpvrR/tGww6LjxKAhXSWtQKTysQ3seIQyUxLOOq0K4A9vFzzmW1gDZXwYwG7 PXoNn4uyGY3YF2jke+Unug41F9POcBp4pUfjQxgj7iiPRn6ZduEhPjw6RBRpYDH5 fF3Mu5/E01TygWisn8WJARUDBRAz81dfH2q6+RwPtwkBAcNnCACSHlH85LxLMRVY 46WdQ9Joj8809J4p0Q469Tkrq7wMyxv8znvvl+D2loIaL5SeBGIvfFaPKQnN+un3 gX/R3g+l2RxBQRqjr65kGAhsMr1L9bRsMAUKAKfDLbQk9fEmB2KRBvQYsHM/7fVY eXglIxdO40AUnzPtRz9rYlZ7dBn7Dy5k/kjIBKKZhgu77X0fGjh9hP9s45D3vnNq sKBoM7pvgdTrwYbdarK2a4GPpWm7XHkhr1w2nGA+a0zjCDzfObHTp8NMY3z0Rgeu 3t2W7EIF6zE+FSyZmfTvVd2rXMxgjMeeziPHAJESnmQ0y0+xQoDx1IDhQ7YF2Q6r khfqxxM6iQA/AwUQM/KsxSLcSmI6S/dwEQKA0QCfR1O0vDQ0M8ef9c+DHPyNydGz OOQAnRscGYHbrrXrN1yuA9mti29pz2BViQCVAwUQM/EQTX+11HSaYdsJAQE7ZgQA 8Z5GzK1Qd4vu1Rt0OAubPp9yug2QmTqyNAsDDQdiqcdvCF9cK8VCYBvTRaHDjFBx Jd6PclQlLBcPIQnkCE4Pch1OQomckDzXEnNgleGnyQlMXT0zm+gHl5mDUWnRtwTD drYxfLdJZFZ8ntJIDYN7t0Gl/ag5l4j0C5GW0d9WYo+0UENpc2NvIFN5c3RlbXMg cHJvZHVjdCBzZWN1cml0eSBpbmNpZGVudC9idWcgcmVwb3J0aW5nIDxzZWN1cml0 eS1hbGVydEBjaXNjby5jb20+iQEVAwUQM++NXQyPsuGbHvEpAQEIKwf/eLwnERXH CP4X999/aUJEMPzd8lMaFg1i84ALFhpFKzWHBnWkBZItTM35xzciq5v51P3OBu5u scU/yRgHmg/ESH3abJXt3SKMsjzZE1zvKuqX0wjYf3Ihh2CtPZo/3wpsa6XGuLdT 0dDUCdU8Tjd67wX3p+CI6CBGoMqLuVY/0AO9xoo7drVoOT9fYQ7UjSNIkxN9nVzI yWmaudOzeLnHaVf7jYYeOmADe1YaVM3oMVZrmTZ1TtPMTd0ovWrPll27zVYx1PjE NuTZDpnysa7agoD5hemtKUXR0GwbeoVMpIWCceKNNPh8kjb6B5sTOl7y8ZR/gUld CaNn5sbZ1N1QrIkAPwMFEDPvjXSWgad8PVLgfxECp2MAn1VUzoaLFiek6lky++m4 qTc4ejAoAJ9DE/8NyaqDkq0M+d3qEcxpVsQEBokAPwMFEDPvjflhWBbFOs5V/hEC GTAAoNaAhsFpD+qhH0X8IyGaljO1ywwHAKDYNOETuHePkca+yLDLwyxlmYurmYkA lQMFEDPvuil3prw+JwB2/QEBcpsD/25lxJqT+7jW4W6jDm7CTJ2OR8fPtdEUrj0d fujPCgltXJ3OVREwg69vCl/rCz9sVPKEzVFEbdvkTmjimxeg1ajBcb642SZMuFcg E60fhNyNsteyktZSI20E2UnZ0MrGK33J7Vn/1xPCl9o3ICa1vRo8E3ixnyvoGaB3 jhXHSdIviQCVAwUQM/Dk6him+KqOZxohAQEn9QQAtd5uSls7cYT+MZvjWrMxyhNV e3eSqHWZjXImWg8SWVey0/XI7ze5zMt8+GEpQoAaD9ZlLl4WthNG8iq7YdnsXQ99 OqpF4pRSvsYVv5BRPO3XvwNDN8jJMdP7jcIgwXo08Zt1YWTDMxpSNcF7ARfZ5M2D V9FKhgLris+9IRcWeemJAJUDBRAz8OmTetUtBpz0lbkBAdxmBACq97OI8lyJWvN1 qeZQca3wtrauXWpehi1gBxLnWBUPYPGV78nVIi/JFbKxMTT6zxf7ODDvXNBebngp Qp2gVO8TJ6tzrk2dVUKA9Sk03z8fRdSk13WhnYoojPPebFBtXBrnSxEq9gEVSj2Z R9u/5qUUrjKtZqoAXcPHfwqJCuo5rYkAPwMFEDPw8fC4sEdhxJFDBxEC75sAmgMQ NrF121TfmZ6QKCU2NscuY5H6AKCJinLR8Hwm00kTSTfFAO5bQfy4bYkAlQMFEDPw 6bfUWbxRv7Y9YQEBJtkD/3BgNhOa+2hK68jTI4hMaCaHyRII4wCZeKSEjoBJnLwa GQ9fs5jbJtfYjDtdcCkvSZy4OvXcWb7Gu31PKbJgBtGeY+Ns+fUahhUz+is35H+3 +ZuV91v56SW8wqcKEDt40V9g1TP5X6VE+QfXnoScFdjCbOViwoR6saPEkujJASuy iQA/AwUQM/Ks2CLcSmI6S/dwEQKghwCeOY2rw3OcrQdiDCJxZhSMMCa17pAAoIrq 3Epb5UdZEnZxJ/aZpGR/ROaaiQCVAwUQM/EQdH+11HSaYdsJAQGKBAP+LRkDVCwW NCpAAFOag6ou3SmFfxD19qRfLPbjlm3nLk6wYvbSXBVp1VXMRJkdmCXSxMe0vo1r xCMoL66qVutyHrSgifPPN6AYNPKTTNUx5o0Ck5xXf4PWoy8cfvyrKJtd/wDi4Ryf WOsZNYKVAf1ItbZse243ICsgMAduzZLgygo= =OrTt -----END PGP PUBLIC KEY BLOCK-----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:33:34 PDT