[nsp] cisco password hash problems?

Nick Kraal nick at arc.net.my
Mon Apr 12 20:03:44 EDT 2004


This happened also on a couple of 7507s running (RSP-K91PV-M), Version
12.2(18)S4,  RELEASE SOFTWARE (fc1).

-nick/

----- Original Message ----- 
From: "John Osmon" <josmon at rigozsaurus.com>
To: <cisco-nsp at puck.nether.net>
Sent: Tuesday, April 13, 2004 6:53 AM
Subject: [nsp] cisco password hash problems?


> I recently started running c7200-k91p-mz.122-18.S4.bin on a 7206.
> Once booted, I wasn't able to login with a one of the locally defined
> usernames.  Resetting the password fixed things, but the fact that it
> happened at all annoyed me.
>
> With a little experimentation, I finally found out that the particular
> hash that I had was the problem.
>   - It works fine in the older IOS version, but always fails with the
newer.
>   - I created a new hash by using the same password on the older IOS,
>     and had no problem when booting the new IOS
>   - I created a new hash with the same password using the newer IOS
>     and was able to login with either IOS version booted
>
> It's gotten me spooked enough that our new template for upgrading
> routers (especially remote ones) has a couple of new steps at the
> beginning:
>   - no service password-encryption
>   - username yyy password <new password>
>   - write
>
> Once the upgrade is done, we'll add back 'service password-encryption'.
>
> Has anyone else experienced this problem?  IOS details and the password
> hash are available to any of the Cisco folks that want to disect
> things...
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



More information about the cisco-nsp mailing list