01-31-2009 10:41 AM - edited 03-11-2019 07:44 AM
<p>Hi all,</p>
<p>I just finished configuring an ASA 5510 with AAA, but when I try to change the enable password I can't do it!</p>
<p>The curious thing is that the firewall sets the enable password to the same password given with the username.</p>
<p>Anybody seen this before?</p>
<p>Thanks</p>
02-02-2009 08:32 PM
Hi Vlad,
This is a Bug with ID CSCsh33287.
The 'aaa authentication enable console LOCAL' command may result in privilege escalation, i.e. normal users will get privilege level 15 because of this vulnerability. For more info, please visit http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml#@ID
Click on 'Details'.
Hope this helps.
Regards
Jithesh
02-01-2009 03:00 PM
Vlad
If we could know details of how you configured the ASA we might be able to give better answers to your question. It sounds like you have configured authentication for enable to use the same authentication server that you use for login authentication. If that is the case then it is the expected behavior that you would authenticate to enable mode with the same password that you use for user mode. If you have configured authentication for enable to use TACACS (or Radius) with LOCAL as a backup method, then if the ASA were not able to communicate with the authentication server it would use the configured enable password. But if it is configured to use TACACS (or Radius) as primary and it can communicate with the authentication server, then it will not use the configured enable password.
HTH
Rick
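The two setups Rick describes, written out as an illustrative ASA configuration; this is an added example, not configuration posted in the thread, and the server name, address, usernames and keys are placeholders:

```text
! Constructed example, not from the thread. Names, addresses and keys are placeholders.
!
! Setup 1: login and enable both authenticated against the LOCAL database
! (the two lines Vlad posted). The enable-mode password is then the user's own
! password; the separately configured 'enable password' is not consulted.
username admin1 password <placeholder> privilege 15
username user1 password <placeholder> privilege 3
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
!
! Setup 2: TACACS+ as the primary method with LOCAL as the backup, as Rick
! describes. While the server answers, the enable password configured on the
! box is not used; only when the ASA cannot reach the server does it fall
! back to the LOCAL method.
aaa-server TACACS_SRV protocol tacacs+
aaa-server TACACS_SRV (inside) host 10.0.0.5
 key <placeholder>
aaa authentication ssh console TACACS_SRV LOCAL
aaa authentication enable console TACACS_SRV LOCAL
!
! Check: log in as the low-privilege account (user1), enter enable mode and
! run 'show curpriv'. It should report the privilege the account was created
! with (3 here); an ordinary account reporting 15 is the symptom that
! Jithesh's reply below attributes to bug CSCsh33287.
```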
02-02-2009 01:27 AM
Rick,
This is what I did, nothing different than my previous configurations:
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
Thanks,
Vlad
02-02-2009 12:27 PM
After a 'sh curpriv' I just realised that my username has privilege 15.
Could this be the problem?
Thanks,
Vlad
02-03-2009 03:49 AM
Thank you Jithesh!
I will upgrade to 8.0 then!
Regards,
Vlad
02-03-2009 04:04 AM
It is my pleasure.