<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>They're definitely covering the bases on this one. There are a total of 6 Cisco Bug IDs directly related to this. Looks like one for each file on each product that would have contained the plaintext random key. <span style="font-family: Calibri, Arial, Helvetica, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', NotoColorEmoji, 'Segoe UI Symbol', 'Android Emoji', EmojiSymbols; font-size: 16px;">I
guess it was only a matter of time. As much as I hate to see this particular door closed, </span><span style="font-family: Calibri, Arial, Helvetica, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', NotoColorEmoji, 'Segoe UI Symbol', 'Android Emoji', EmojiSymbols; font-size: 16px;">I
understand and agree with the logic behind it.</span><span style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 13.3333px; line-height: 18.6667px;"></span></p>
<p><br>
</p>
<p><a href="http://www.securityfocus.com/bid/83103/discuss" id="LPlnk263027" title="http://www.securityfocus.com/bid/83103/discuss
Ctrl+Click or tap to follow the link">http://www.securityfocus.com/bid/83103/discuss</a></p>
<p><br>
</p>
<p>To those in the DRS group, I apologize for any headache this has caused. But please do not put any additional restrictions in place to unlocking backup data. As customers, we have a legitimate need to access data from backups without having to perform
a full restore. Some customers do not have the resources necessary to stand up sandbox environments for restores. Even if they do, an engineer should not have to spend an entire day restoring a system in order to fulfill a voicemail extraction request from
legal. That's the reason this program was written to begin with. DRS Message Fisher wasn't updated with an option to open encrypted backup sets by inputting the cluster security password.</p>
<p><br>
</p>
<p>Thanks,</p>
<p>Pete</p>
<p><a href="http://www.securityfocus.com/bid/83103/discuss"></a></p>
<div id="LPBorder_GT_14607551400810.44015581622627264" style="margin-bottom: 20px; overflow: auto; width: 100%; text-indent: 0px;">
<table id="LPContainer_14607551400780.833950063296218" cellspacing="0" style="width: 90%; position: relative; overflow: auto; padding-top: 20px; padding-bottom: 20px; margin-top: 20px; border-top-width: 1px; border-top-style: dotted; border-top-color: rgb(200, 200, 200); border-bottom-width: 1px; border-bottom-style: dotted; border-bottom-color: rgb(200, 200, 200); background-color: rgb(255, 255, 255);">
<tbody>
<tr valign="top" style="border-spacing: 0px;">
<td id="TextCell_14607551400800.898714751213469" colspan="2" style="vertical-align: top; position: relative; padding: 0px; display: table-cell;">
<div id="LPRemovePreviewContainer_14607551400800.9782444462759325"></div>
<div id="LPTitle_14607551400800.33451486193317614" style="top: 0px; color: rgb(0, 120, 215); font-weight: normal; font-size: 21px; font-family: wf_segoe-ui_light, 'Segoe UI Light', 'Segoe WP Light', 'Segoe UI', 'Segoe WP', Tahoma, Arial, sans-serif; line-height: 21px;">
<a id="LPUrlAnchor_14607551400800.5257510084749517" href="http://www.securityfocus.com/bid/83103/discuss" target="_blank" style="text-decoration: none;">Multiple Cisco Unified Products CVE-2016-1319 Information Disclosure Vulnerability</a></div>
<div id="LPMetadata_14607551400810.12020137383638052" style="margin: 10px 0px 16px; color: rgb(102, 102, 102); font-weight: normal; font-family: wf_segoe-ui_normal, 'Segoe UI', 'Segoe WP', Tahoma, Arial, sans-serif; font-size: 14px; line-height: 14px;">
www.securityfocus.com</div>
<div id="LPDescription_14607551400810.21410923305624574" style="display: block; color: rgb(102, 102, 102); font-weight: normal; font-family: wf_segoe-ui_normal, 'Segoe UI', 'Segoe WP', Tahoma, Arial, sans-serif; font-size: 14px; line-height: 20px; max-height: 100px; overflow: hidden;">
SecurityFocus is designed to facilitate discussion on computer security related topics, create computer security awareness, and to provide the Internet's largest and most comprehensive database of computer security knowledge and resources to the public. It
also hosts the BUGTRAQ mailing list.</div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
<br>
<p></p>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Pete Brown <jpb@chykn.com><br>
<b>Sent:</b> Friday, April 15, 2016 3:42 PM<br>
<b>To:</b> cisco-voip@puck.nether.net<br>
<b>Subject:</b> DRS Backup Decrypter - Decrypt Failure After Patching</font>
<div> </div>
</div>
<div>
<div id="divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Looks like the party is going to be over for decrypting backup sets without requiring the cluster security password...</p>
<p><br>
</p>
<p><a href="https://quickview.cloudapps.cisco.com/quickview/bug/CSCuv85926" id="LPlnk485462" title="https://quickview.cloudapps.cisco.com/quickview/bug/CSCuv85926
Ctrl+Click or tap to follow the link">https://quickview.cloudapps.cisco.com/quickview/bug/CSCuv8592</a><br>
</p>
<p><br>
</p>
<p>All encrypted DRS backup sets until now have contained a plaintext copy of the randomly generated backup key. It lists the known affected releases as 10.5(2.12901.1), but this goes all the way from 8.0 to 11.5 and affects CUCM, UCON and UCCX. This is
how the decrypter has been able to decrypt backup sets without the cluster security password.</p>
<p><br>
</p>
<p>Once this is patched, you may no longer be able to decrypt backups even if you type in the correct password. If you run into this, please let me know and I'll work on an update.</p>
<p><br>
</p>
<p>Thanks,</p>
<p>Pete</p>
</div>
</div>
</div>
</div>
</body>
</html>