
Can't change the ASA 5510 enable password

hunnetvl01
Level 1

Hi all,

I just finished configuring an ASA 5510 with AAA, but if I am trying to change the enabled password I can't do it!

The curious thing is that the firewall sets up as enable the same password given with the username.

Anybody seen this before?

Thanks

Accepted Solutions

Hi Vlad,

This is a Bug with ID CSCsh33287.

The 'aaa authentication enable console LOCAL' command may result in privilege escalation, i.e. normal users will get privilege level 15 because of this vulnerability. For more info, please visit http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml#@ID

Click on 'Details'

Hope this helps.

Regards

Jithesh
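
An added example, not part of the original thread and not Cisco tooling: a Python check over a saved running-config that reports whether enable authentication names the LOCAL database (the command quoted in the reply above) and which local usernames sit below privilege 15, so they can be reviewed against bug CSCsh33287. The sample config, its usernames and its hashes are constructed; the fallback level of 2 for a username line without a `privilege` keyword is the ASA default.

```python
import re

# Constructed sample of a saved ASA running-config (names and hashes are made up).
SAMPLE_CONFIG = """\
enable password CONSTRUCTEDHASH1 encrypted
username admin password CONSTRUCTEDHASH2 encrypted privilege 15
username helpdesk password CONSTRUCTEDHASH3 encrypted privilege 5
username monitor password CONSTRUCTEDHASH4 encrypted
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
"""

ENABLE_AUTH = re.compile(r"^aaa authentication enable console\s+(.+)$")
# "username x attributes" lines deliberately do not match this pattern.
USERNAME = re.compile(r"^username\s+(\S+)\s+(?:nopassword|password\s+\S+)(.*)$")
PRIVILEGE = re.compile(r"\bprivilege\s+(\d+)\b")
DEFAULT_PRIVILEGE = 2  # ASA default when "privilege" is omitted on a username line


def audit_asa_config(text):
    """Summarise enable authentication and local users for review."""
    methods, users = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENABLE_AUTH.match(line)
        if m:
            # e.g. ["LOCAL"] or ["SERVER_GROUP", "LOCAL"]
            methods = m.group(1).split()
            continue
        m = USERNAME.match(line)
        if m:
            p = PRIVILEGE.search(m.group(2))
            users[m.group(1)] = int(p.group(1)) if p else DEFAULT_PRIVILEGE
    uses_local = "LOCAL" in methods
    return {
        "enable_methods": methods,
        # LOCAL first: the enable prompt checks the user's own password,
        # which is the symptom described in the original question.
        "local_is_primary": bool(methods) and methods[0] == "LOCAL",
        "users": users,
        # Accounts that should NOT reach level 15; review these against the bug.
        "review_users": sorted(u for u, lvl in users.items() if lvl < 15)
        if uses_local else [],
    }


if __name__ == "__main__":
    print(audit_asa_config(SAMPLE_CONFIG))
```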


Richard Burts
Hall of Fame

Vlad

If we could know details of how you configured the ASA we might be able to give better answers to your question. It sounds like you have configured authentication for enable to use the same authentication server that you use for login authentication. If that is the case then it is the expected behavior that you would authenticate to enable mode with the same password that you use for user mode. If you have configured authentication for enable to use TACACS (or Radius) with LOCAL as a backup method, then if the ASA were not able to communicate with the authentication server then it would use the configured enable password. But if it is configured to use TACACS (or Radius) as primary and if it can communicate with the authentication server then it will not use the configured enable password.

HTH

Rick


Rick,

This is what I did, nothing different than my previous configurations:

aaa authentication enable console LOCAL

aaa authentication ssh console LOCAL

Thanks,

Vlad

After a sh curpriv... I just realised that my username has privilege 15.

Could this be the problem?

Thanks,

Vlad


Thank you Jithesh!

I will upgrade to 8.0 then!

Regards,

Vlad

It is my pleasure.
