
CSCwn09816 - RADIUS Shared Secret Masking

Tamas Demeter
Level 1

Hi,

we have version 3.3.0.430 with patch 3,4,6,7 installed and we are hitting this bug still.

The known fixed version is 3.3.0.430 patch 5. Won't patch 6 and 7 contain the fix from patch 5?

Additionally: we are hitting this when modifying a device on the Administration -> Network devices page (for example, adding a new IP will change the RADIUS password to ********). I can easily reproduce this with a test device.


 

@Network Diver No worries here pal, I am married (LOL!)

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Rainer Maria Rilke (1899)

adn25
Level 1

image.png

Network Diver
Level 3

Reply from Cisco TAC: There is a new bug that matches this behaviour: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp06928 

Tamas Demeter
Level 1

Indeed, I opened a TAC case and they released a new patch for 3.4 (patch 4) - and it seems to have fixed the issue in our Lab.

The patch for 3.3 will be released at the end of the month; I'm looking forward to patching our Production and testing it.

jeaves@cisco.com
Cisco Employee

Sorry for all the confusion. ISE patches are always cumulative.

CSCwn09816 (RADIUS Shared Secret Masking After Switch Reload Causes Authentication Failures) led the ISE team to add a pop-up message when 'Show Password in Plaintext' option is unchecked.

That pop-up message includes the following text when 'Show Password in Plaintext' option is unchecked: "Disabling this option hides the Show button for Network Device RADIUS shared secrets and IPsec pre-shared keys. The RADIUS shared secret will remain hidden when accessing network devices using the ERS API and during their export. The IPsec pre-shared key will also remain hidden when accessed using Open API. If Cisco ISE is integrated with Cisco Catalyst Center, do not disable this option. Disabling it will lead to incorrect configuration of RADIUS shared secret keys for network devices."

The actual fix for the issue is within Catalyst Center. That DDTS entry is CSCwn51980 (DNAC to Use PATCH operation instead of PUT), documented integrated releases are 2.3.7.10, 3.1.5 and 3.2.1.

Until the permanent fix is implemented, a workaround to recover the password is to manually re-enter the shared secret on ISE and enable the "Show Password in Plaintext" option.
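A simplified model of the PUT-versus-PATCH behaviour described in the reply above, added here as an illustration; it is not Cisco's code and does not use the ISE ERS API. It assumes the masked value returned on read is sent back in a full-object PUT; `DeviceStore` and the helper names are hypothetical.

```python
import copy

MASK = "********"  # placeholder the thread reports seeing in place of the secret

class DeviceStore:
    """Toy stand-in for a network-device inventory (hypothetical, not ISE's API)."""

    def __init__(self, show_plaintext):
        self.show_plaintext = show_plaintext
        self._devices = {}

    def create(self, name, ips, secret):
        self._devices[name] = {"name": name, "ips": list(ips), "secret": secret}

    def get(self, name):
        # Reads return a copy; the secret is masked when plaintext display is off.
        dev = copy.deepcopy(self._devices[name])
        if not self.show_plaintext:
            dev["secret"] = MASK
        return dev

    def put(self, name, full_object):
        # PUT semantics: the stored object is replaced wholesale.
        self._devices[name] = copy.deepcopy(full_object)

    def patch(self, name, changes):
        # PATCH semantics: only the supplied fields are touched.
        self._devices[name].update(copy.deepcopy(changes))

    def stored_secret(self, name):
        # Inspection helper: the value that would actually be used for RADIUS.
        return self._devices[name]["secret"]

def add_ip_with_put(store, name, ip):
    dev = store.get(name)            # secret may come back masked
    dev["ips"].append(ip)
    store.put(name, dev)             # masked value is written back as the secret

def add_ip_with_patch(store, name, ip):
    ips = store.get(name)["ips"] + [ip]
    store.patch(name, {"ips": ips})  # secret field is never sent

def safe_put(store, name, full_object):
    # Client-side guard: never send the mask back as if it were a secret.
    if full_object.get("secret") == MASK:
        raise ValueError("refusing to write masked placeholder as shared secret")
    store.put(name, full_object)
```

With masking enabled, the PUT path leaves `********` stored as the shared secret, while the PATCH path and the guarded PUT leave the original value intact.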

 


jeaves@cisco.com wrote:
[...] The actual fix for the issue is within Catalyst Center.

This is a bit of a misleading statement - even without integration in Catalyst Center, the issue can occur. The root cause of the behavior is still within the ISE GUI/API handling, not within Catalyst Center.

By permanent fix do you mean a patch for Cisco ISE? We really don't want to wait for a patch in Catalyst Center, as we are not using it at all.