This is going to cause problems for US Government customers that are
wanting to deploy FedRAMP mode...
From
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/11_5_1/secugd/CUCM_BK_SEE2CFE1_00_cucm-security-guide-1151/CUCM_BK_SEE2CFE1_00_cucm-security-guide-1151_chapter_011010.html
"Credential Policy
When FedRAMP mode is enabled, the following credential policy takes
effect automatically for new passwords and password changes. After
FedRAMP mode is enabled, administrators can use the set password ***
series of CLI commands to modify any of these requirements:
Password Length should be between 14 to 127 characters.
Password should have at least 1 lowercase, 1 uppercase, 1 digit and 1
special character.
Any of the previous 24 passwords cannot be reused.
Minimum age of the password is 1 day and Maximum age of the password is
60 days.
Any newly generated password's character sequence will need to differ by
at least 4 characters from the old password's character sequence."
On 2016-08-23 00:33, Scott Voll wrote:
Sounds like one we had with Cisco Security Manager. It would send a
password under 15 characters correctly because it encrypted the whole
password, but after 15 characters it would encrypt the 15 characters
and add padding to the additional characters after the encryption, rather
than sending the password with padding then encrypting it.
Reminder that if it's Cisco to make sure your password is less than 16
characters ;-)
Scott
On Sun, Aug 21, 2016 at 10:43 PM, Daniel Ohnesorge via cisco-voip
<cisco-voip@puck.nether.net> wrote:
In this case, the customer has a strict password policy and the
password was generated via an internal web app. Normally I would also
not use one that long!
On 2016-08-22 13:57, Anthony Holloway wrote:
Wow, good to know, but I cannot say that I have ever seen a password
that long on a server before. That's a first for me. I tend to still
use 8 character length. Old habit, I'm sure.
Are you consistently deploying 16+ character passwords nowadays?
On Sun, Aug 21, 2016 at 5:54 PM, Daniel Ohnesorge via cisco-voip
<cisco-voip@puck.nether.net> wrote:
Hi All,
Just wanted to make you all aware of a serious installation defect with
11.5 that the Cisco DE's are currently investigating and will soon be
raising a new defect against.
Basically, the CUCM Publisher installation goes ahead fine but once you
try to install any subscriber (including the CUPS DB PUB), the
installation will fail after all Network and Connectivity checks
passed. It has taken TAC, BU and DE's 2 weeks to figure out what was
going wrong, it turns out that the password used for the Application
User is too long (even though it is within documentation guidelines).
The password I used was 1 Uppercase, 14 lowercase, 1 number and 1
special character (underscore). DE's have been able to replicate the
issue in the lab using the same complexity. When using a password such
as ipcbu123 the installation is successful. This affects CUCM, CUPS and
CUC.
Thanks,
Daniel
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip