User Community Feedback

Submitted ideas will be evaluated by our product teams for upcoming releases and will be responded to so you know where things stand. For product support, please use the community forums or contact TAC.

NOTE: All Cisco employees & Channel Partners must enter Ideas through this Ideas Portal.

Change password function does not require re-authentication for admin user in BroadWorks

On the BroadWorks R22 platform, the administrator password can be changed without having to verify the old password. This was flagged as a security risk by the security vendor (EY) during a security audit on the BroadWorks' XSP server.

EY can only lower this issue to Low, considering that there is 2FA for the initial access and only accessible via secure VPN. Can Cisco/BroadSofat consider the old password in the change of password for administrator via the XSP's web portal?

  • Peng Hwee Ng
  • Jul 26 2021