[cisco-voip] the "cucm-uds" http directory

Lelio Fulgenzi lelio at uoguelph.ca
Fri Feb 21 15:52:01 EST 2014


I'm guessing most stuff does require authentication, but I've already found a few things that require no authentication whatsoever. 

Without directing my worries to a particular demographic, my main concern is we have open, unauthenticated network ports on campus that anyone can use. And with some unencrypted wireless still going on, it won't take much for someone to grab credentials to use. 

My stance has always been, userID/password shouldn't be the only protection. 

I'm hoping my reverse proxy admin can capture the bulk of the files/directories under cucm-uds that he needs to make the ucmuser pages work. 

*sigh* 


--- 
Lelio Fulgenzi, B.A. 
Senior Analyst, Network Infrastructure 
Computing and Communications Services (CCS) 
University of Guelph 

519‐824‐4120 Ext 56354 
lelio at uoguelph.ca 
www.uoguelph.ca/ccs 
Room 037, Animal Science and Nutrition Building 
Guelph, Ontario, N1G 2W1 

----- Original Message -----

From: "Stephen Welsh" <stephen.welsh at unifiedfx.com> 
To: "Lelio Fulgenzi" <lelio at uoguelph.ca> 
Cc: "cisco-voip (cisco-voip at puck.nether.net)" <cisco-voip at puck.nether.net> 
Sent: Friday, February 21, 2014 3:41:13 PM 
Subject: Re: [cisco-voip] the "cucm-uds" http directory 

LOL ;) 


Your guess is right, more and more will be added to this API over time, however it does follow proper authentication rules, so end user credentials are used to authenticate to the API and they only get access to their settings/devices. 


Are you worried some of your students will find out how to “abuse” this interface? 


Stephen 



On 21 Feb 2014, at 20:31, Lelio Fulgenzi < lelio at uoguelph.ca > wrote: 





OK, it looks like there are some pretty simple calls that can be made according to: 

https://developer.cisco.com/site/collaboration/management/user-data-services/learn/how-to/uds-hello-world/ 

I'm now officially worried. 

Is there a data dictionary available for this stuff? I suspect it's only going to get bigger. 

I'm wondering if we can turn it off without too much impact. 



----- Original Message -----

From: "Lelio Fulgenzi" < lelio at uoguelph.ca > 
To: "Stephen Welsh" < stephen.welsh at unifiedfx.com > 
Cc: "cisco-voip ( cisco-voip at puck.nether.net )" < cisco-voip at puck.nether.net > 
Sent: Friday, February 21, 2014 3:25:33 PM 
Subject: Re: [cisco-voip] the "cucm-uds" http directory 


Thanks Stephen. This helps. I did some searching and came up with little with respect to what it might actually be used for now. My concern is that the old "corporate" directory has somehow been moved/replicated to calls in this directory. However, I can't find any reference to new URLs, etc. 

I'm guessing that with little effort, someone can write a tool to search the corporate directory through our reverse proxy and gain access to telephone directory information that we need to keep private. 

Can you share any more information? In particular, are there only APIs available in this directory, or are there even more user friendly pages that can be served up? 

Lelio 





----- Original Message -----

From: "Stephen Welsh" < stephen.welsh at unifiedfx.com > 
To: "Lelio Fulgenzi" < lelio at uoguelph.ca > 
Cc: "cisco-voip ( cisco-voip at puck.nether.net )" < cisco-voip at puck.nether.net > 
Sent: Friday, February 21, 2014 3:09:09 PM 
Subject: Re: [cisco-voip] the "cucm-uds" http directory 

Hi Lelio, 


This is a REST based API that is used for all user related information (and more in the future). 


It’s officially released with CUCM 10, however it was technically added back in 8.6 and used by a few Cisco applications. 


It should help to provide better isolation between end user and admin level access. 


You can find more info here: 


https://developer.cisco.com/site/collaboration/management/user-data-services/uds/what-is-uds/ 


Thanks 


Stephen 



On 21 Feb 2014, at 19:56, Lelio Fulgenzi < lelio at uoguelph.ca > wrote: 

<blockquote>



We're going through the process of testing our reverse proxy setup to allow users to access the "ucmuser" pages. There has been a marked improvement insomuch as it seems there are no files from the "ccmadmin" directory being served out for ucmuser activities. 

However, we have noticed files being served from the "cucm-uds" directory. 

Can anyone comment on what contents this directory holds and whether or not there are admin related pages here? 

Thanks, Lelio 




_______________________________________________ 
cisco-voip mailing list 
cisco-voip at puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-voip 




</blockquote>

