Symptom

ISE should be hardened to use Cookie or POST to pass Session Identifiers.

Conditions

Session ID is passed with URL /adm/liveAuthenticationDetail.do

Workaround

none

Further Problem Description

PSIRT Evaluation

The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html