topic GET Networkdevice by ID, hidden Secrets in Network Security

GET Networkdevice by ID, hidden Secrets

m.rainer — Tue, 10 Jan 2017 05:35:30 GMT

Hello,

I am using ISE 2.1 and 2.2 REST API. (tested on both version)

I am requesting a networkdevice by ID with method GET:

https://<ISE-ADMIN-NODE>:9060/ers/config/networkdevice/{id}

In the response all the "sharedSecrets" (RADIUS and TACACS) are hidden:

But as per all documentations I found so far, the response should be clear text.

Can anybody tell me how to avoid hiding the shared secrets in the networkdevice response?

Thanks a lot

Markus

Re: GET Networkdevice by ID, hidden Secrets

j656 — Wed, 23 Aug 2017 16:08:48 GMT

Marcus,

I'm seeing the same thing, ever get this resolved?

Jason

Re: GET Networkdevice by ID, hidden Secrets

thomas — Wed, 23 Aug 2017 23:02:59 GMT

I just tested with ISE 2.3.0.298 and I successfully retrieved a NetworkDevice's radiusSharedSecret in cleartext and not hidden.

The account I was using is a member of the ERS Operator RBAC group for GET-only operations.

Administration > System > Admin Access > Administrators > Admin Users:

Please verify the RBAC permissions of your account you are using for the REST APIs does not have any other RBAC limits that might prevent you from seeing the network device password.

Re: GET Networkdevice by ID, hidden Secrets

j656 — Thu, 24 Aug 2017 12:46:07 GMT

Thanks for the reply Thomas,

I'm running 2.2.0.470 Patch 1. And I've tried an account setup as both ERS Admin, and ERS Operator, but I'm still getting the output below:

<enableKeyWrap>false</enableKeyWrap>

<keyInputFormat>ASCII</keyInputFormat>

<networkProtocol>RADIUS</networkProtocol>

</authenticationSettings>

I'm assuming its a 2.2 thing.