12.2(50)SE Bug ?

Mar 13th, 2009

Not sure if this is a bug or a new feature?


switchname(config)#enable secret 5 XXXXXXXXXXXXXX (encrypted password)

ERROR: The secret you entered is not a valid encrypted secret.

To enter an UNENCRYPTED secret, do not specify type 5 encryption.

When you properly enter an UNENCRYPTED secret, it will be encrypted.


Hope that this is a bug, but does anybody else have a fix for this problem?


Cut & paste of old config doesn't work any longer. :-(

Giuseppe Larosa Fri, 03/13/2009 - 03:22
Hello Roar,


the message says to use


enable secret


I would do so, and I would leave it to the device to create the encrypted version of the secret.


these are the options


enable secret ?

0 Specifies an UNENCRYPTED password will follow

5 Specifies an ENCRYPTED secret will follow

LINE The UNENCRYPTED (cleartext) 'enable' secret


Hope to help

Giuseppe


Leo Laohoo Sun, 03/15/2009 - 18:00

This is probably an "undocumented feature". I can't even see this command anymore in the 12.2(50)SE Switch Command Reference.


Type the enable secret and the appliance will automatically encrypt it even though the "no service password-encrypt" is available. See below:


no service password-encryption

!

enable secret 5 $1$TZVm$SSMOghMN0RymiQKxNfmUC.

enable password juniper


Not good.

Service password-encryption has nothing to do with any "secret" passwords. They are automatically shown as hashed MD5 output.


Service password-encryption only encrypts clear text passwords utilizing the "password 7" cipher (Vigenere). The passwords are not "encrypted". They are obfuscated to keep people from shoulder surfing.
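
Added example, not part of any post in this thread: a small Python audit that sorts the credential lines of a config snippet into the categories the replies above describe (type 5 MD5 hash, type 7 reversible obfuscation, cleartext) and checks that a type 5 string has the md5-crypt layout before it is pasted. The function names and the type 7 sample value are constructed; the format check assumes the standard md5-crypt layout, since the IOS parser's own validation rules are not shown on the page.

```python
import re

# IOS type 5 is md5-crypt: $1$<salt, 1-8 chars>$<22-char digest>
TYPE5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
# Type 7 is two decimal digits followed by hex pairs (reversible obfuscation)
TYPE7_RE = re.compile(r"^[0-9]{2}(?:[0-9A-Fa-f]{2})+$")
# "secret"/"password" keyword, optional one-digit type, then the value
CRED_RE = re.compile(r"\b(secret|password)\s+(?:([0-9])\s+)?(\S.*?)\s*$")


def classify(line):
    """Return a verdict for one config line, or None if it holds no credential."""
    m = CRED_RE.search(line)
    if m is None:
        return None
    ptype, value = m.group(2), m.group(3)
    if ptype == "5":
        return "type5-md5-hash" if TYPE5_RE.match(value) else "type5-malformed"
    if ptype == "7":
        return "type7-reversible" if TYPE7_RE.match(value) else "type7-malformed"
    if ptype in (None, "0"):
        return "cleartext"
    return "other-type"


def audit(config_text):
    """Return (line_number, verdict) for every credential line in the text."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        verdict = classify(line)
        if verdict is not None:
            findings.append((number, verdict))
    return findings


# Constructed sample: lines 1-3 are quoted in the thread, line 4 is the
# placeholder from the question, line 6 carries a made-up type 7 value.
SAMPLE = """\
no service password-encryption
enable secret 5 $1$TZVm$SSMOghMN0RymiQKxNfmUC.
enable password juniper
enable secret 5 XXXXXXXXXXXXXX
line vty 0 4
 password 7 0011223344
"""

if __name__ == "__main__":
    for number, verdict in audit(SAMPLE):
        print(number, verdict)
```

A "type5-malformed" verdict means the string itself is damaged (for example truncated during copy), which is a different case from a well-formed hash being rejected at the command line.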



b.julin Tue, 03/17/2009 - 07:11


You can get the crypts in by partial config file transfer via tftp/scp, and they still work from flash. It's just from the commandline that this is borked.


Leo Laohoo Tue, 03/17/2009 - 15:54

Hi Erich,

Thanks for pointing us in the right direction. +5

erik.briggs Fri, 05/01/2009 - 08:22

I've just confirmed that 12.2(50)SE1 has fixed this bug. I was finally able to paste in my encrypted secret passwords from the command-line. I'm glad I found this thread, because I was banging my head against the wall.

eborcher Fri, 05/01/2009 - 08:48

Hello there,


I am not sure which version of IOS you're running but, this indeed looks like the bug I pointed out.


CSCsy24510 IOS no longer accepts encrypted password / secret


It is fixed in 12.2(50)SE1.



eborcher Fri, 05/01/2009 - 08:51

Oops,


Still learning the NetPro tool. Glad to know that your problem is fixed.


Just to summarize, this bug is fixed in 12.2(50)SE1.
