Cisco Systems, Inc. Affected

Notified:  July 11, 2007 Updated: September 05, 2007



Vendor Statement

This issue is documented as CSCsj72903 - "Additional sanitization needed for syslog message %ASA-5-111008". Customers with support contracts can read the details at For those customers without service contracts, here is the full Release Note of said bug: Symptom: Executing the command test aaa-server authentication server_tag host ip_address username username password password from either the command line of a PIX/ASA device or from the ASDM GUI will result in the following message being sent to the syslog server (if one is configured) and/or the internal logging buffer (if configured) %ASA-5-111008: User 'administrator' executed the 'test aaa-server authentication TACACS username testuser password testpassword' command. being 'testuser' the username and 'testpassword' the password provided as arguments to the command. Conditions: The issue only happens when a privileged user (one with a privilege level allowing it to execute the "test aaa" command, by default, level 15) executes the "test aaa" command and the device is configured to log events at level 5 (notifications) or above. Workaround: Configure the PIX/ASA device not to log a message 111008 by entering the following command in global configuration mode: no logging message 111008 Not logging message 111008 does NOT affect the functioning of the "test aaa-server" command. Further Problem Description: Starting with release for the 8.0 train, for the 7.2 train, for the 7.1 train and for the 7.0 train, the password is replaced with asterisks. Versions of the PIX software pre-7.0 are NOT affected by this issue. Cisco Systems would like to thank CERT/CC for bringing this issue to our attention.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.