An issue in the Password Policy settings of Cisco Identity Services Engine (ISE) could allow an administrator to use expired credentials to gain access to the web management interface.
When the Password Lifetime setting for the administrator password policy is used to set the password to expire, the password does not expire. As a result, an administrator could use expired credentials to log in to the web management interface and have the same level of privileges as before the password expired. No additional privileges would be gained, and valid credentials would be required.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-lifetime-pwd-GpCs76mb
Security Impact Rating: Informational
Source:: Cisco Security Advisories