How to bypass the Cisco router configuration Password

Source: Internet
Author: User

Configuring a password for a Cisco router is a headache for common users. Here we will teach you how to configure a password for a Cisco router to bypass the vulnerability, cisco PIX, ASA, and FWSM are popular firewall devices that provide firewall services that can filter status messages and perform deep packet inspection.

Some software versions used by the above devices may have bugs. in some environments, the EXEC command and local user-defined password may be changed without user intervention, and enable password stored in the startup configuration. There are only two scenarios that can trigger this software bug: Software crashes, usually caused by software bugs. Note that not all software crashes will lead to the above adverse results. Two or more users simultaneously change the Cisco router configuration password on the same device. Regardless of the method used to access the device command line interface [CLI], Adaptive Security Device Manager [ASDM], firewall management center, etc.), the vulnerability will be triggered.

Note that when saving the configuration to the stable media storing the startup configuration through the write memory or copy running-config startup-config command, the password for starting the Cisco router configuration will be changed. In normal operations, if the running configuration is not saved, the password in the configuration password for starting the Cisco router will not be changed.

Once the password in the startup configuration is changed, if the authentication of EXEC and enable permissions depends on the password or the local account stored in the startup configuration, the Administrator will be locked after the next device overload. If AAA Server RADIUS or TACACS +) is used for authentication, whether or not LOCAL authentication is configured as a rollback fallback ), changing the password in the startup configuration only when the AAA Server is unavailable will lead to the above adverse results.

This software vulnerability may cause changes to the EXEC password, locally defined user password, and enable password in the password for starting the Cisco router configuration without user intervention. If you configure authentication to use the password stored in the startup configuration, the administrator cannot log on to the device. If a malicious user can guess a new password and restart the device, whether it is caused by a software crash or a manual restart by the network administrator, the device can be accessed without authorization.
 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.