Configuring a password for a Cisco router is a headache for common users. Here we explain how to configure a password for a Cisco router so as to work around the vulnerability. Cisco PIX, ASA, and FWSM are popular firewall devices that provide stateful packet filtering and deep packet inspection.
Some software versions used by the above devices may have a bug. In some environments, the EXEC password, the passwords of locally defined users, and the enable password stored in the startup configuration may be changed without user intervention. Only two scenarios can trigger this software bug. The first is a software crash, usually caused by a software bug; note that not all software crashes will lead to the above adverse results. The second is two or more users simultaneously changing the configuration password on the same device. The vulnerability is triggered regardless of the method used to access the device (command line interface [CLI], Adaptive Security Device Manager [ASDM], Firewall Management Center, etc.).
Note that the passwords in the startup configuration are changed when the configuration is saved to the stable media storing the startup configuration through the write memory or copy running-config startup-config command. In normal operation, if the running configuration is not saved, the passwords in the startup configuration will not be changed.
Once the password in the startup configuration is changed, if authentication for EXEC and enable access depends on the password or the local accounts stored in the startup configuration, the administrator will be locked out after the next device reload. If an AAA server (RADIUS or TACACS+) is used for authentication, then whether or not LOCAL authentication is configured as a fallback, the changed passwords in the startup configuration lead to the above adverse results only when the AAA server is unavailable.
This software vulnerability may cause the EXEC password, the passwords of locally defined users, and the enable password in the startup configuration to change without user intervention. If authentication is configured to use the passwords stored in the startup configuration, the administrator cannot log on to the device. If a malicious user can guess the new password and the device is restarted, whether because of a software crash or a manual restart by the network administrator, the device can be accessed without authorization.
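Because the lockout only appears after a reload, the saved startup configuration can be checked beforehand. The following is an added example, not code from the original page or from Cisco: it compares the credential lines (`enable password`, `passwd`, `username ... password`) of a startup configuration against a known-good baseline. It assumes the administrator keeps such a baseline copy; the function names and sample hash strings are constructed for illustration.

```python
import re

# Credential lines in PIX/ASA/FWSM-style configuration text:
#   enable password <hash> ... / passwd <hash> ... / username <name> password <hash> ...
CRED_RE = re.compile(r"^(?:(enable) password|(passwd)|username (\S+) password) (\S+)")


def extract_credentials(config_text):
    """Map each credential slot (enable, exec, user:<name>) to its stored value."""
    creds = {}
    for line in config_text.splitlines():
        m = CRED_RE.match(line.strip())
        if m:
            enable, passwd, user, value = m.groups()
            slot = "enable" if enable else "exec" if passwd else "user:" + user
            creds[slot] = value
    return creds


def credential_drift(baseline_text, startup_text):
    """Return sorted (slot, status) pairs where the startup config differs."""
    base = extract_credentials(baseline_text)
    start = extract_credentials(startup_text)
    drift = []
    for slot in sorted(set(base) | set(start)):
        if slot not in start:
            drift.append((slot, "missing"))
        elif slot not in base:
            drift.append((slot, "unexpected"))
        elif base[slot] != start[slot]:
            drift.append((slot, "changed"))
    return drift


# Constructed sample configurations; the hash strings are made-up placeholders.
BASELINE = """\
enable password AAAAexampleHash1 encrypted
passwd BBBBexampleHash2 encrypted
username admin password CCCCexampleHash3 encrypted privilege 15
"""
STARTUP_AFTER_SAVE = """\
enable password ZZZZdifferentHash encrypted
passwd BBBBexampleHash2 encrypted
username admin password YYYYdifferentHash encrypted privilege 15
"""

if __name__ == "__main__":
    for slot, status in credential_drift(BASELINE, STARTUP_AFTER_SAVE):
        print(f"{slot}: {status}")
```

Any reported drift that does not correspond to a deliberate password change should be resolved before the device is reloaded.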