[nsp] cisco password hash problems?
Stephen J. Wilcox
steve at telecomplete.co.uk
Mon Apr 12 19:07:27 EDT 2004
I have seen it on 12.0(?) variations where something changed and any hashed
passwords (username/radius secret) stopped working.. not seen it on any of the
12.1/12.2 strains tho.
Steve
On Mon, 12 Apr 2004, John Osmon wrote:
> I recently started running c7200-k91p-mz.122-18.S4.bin on a 7206.
> Once booted, I wasn't able to login with a one of the locally defined
> usernames. Resetting the password fixed things, but the fact that it
> happened at all annoyed me.
>
> With a little experimentation, I finally found out that the particular
> hash that I had was the problem.
> - It works fine in the older IOS version, but always fails with the newer.
> - I created a new hash by using the same password on the older IOS,
> and had no problem when booting the new IOS
> - I created a new hash with the same password using the newer IOS
> and was able to login with either IOS version booted
>
> It's gotten me spooked enough that our new template for upgrading
> routers (especially remote ones) has a couple of new steps at the
> beginning:
> - no service password-encryption
> - username yyy password <new password>
> - write
>
> Once the upgrade is done, we'll add back 'service password-encryption'.
>
> Has anyone else experienced this problem? IOS details and the password
> hash are available to any of the Cisco folks that want to disect
> things...
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list