unable to login after password change ASA 5500

Feb 22nd, 2010

I attempted to change the admin password from the default of user: cisco, pass: cisco by using the following command from the terminal command line: hostname(config)# enable password (new password) encrypted

Once the command was entered and I wrote it to memory, I logged out of the system and attempted to log back in using the new password, and I was unable to log in with the new password or the old password. I can even scroll up and see the new password I inputted, and I even used copy and paste to ensure I wasn't mistyping the new password. I can no longer access the system at all. Any suggestions why I am unable to log in with the new password I created?
Also, I cannot use password recovery as it is disabled, and I can't restore the system because it's operational and cannot be taken offline.
Thanks in advance for your help!
busterswt Fri, 02/26/2010 - 18:59

By adding the word 'encrypted', you told the ASA that the password you entered was the encrypted version of the password and not the cleartext version. If you had left off the word 'encrypted', the ASA would have taken your cleartext password and encrypted it in the configuration. A 'show run' would have shown the encrypted version of the password you entered.

You'll likely need to do a password recovery on the device. Instructions (though a little dated) can be found here:

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/trouble.html#wp1058131

Good luck!

James
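
A pre-change check for the mistake described in the reply above, added here as an example (it is not part of the thread and not Cisco tooling). It assumes a stored hash on software of this era is exactly 16 characters from the alphabet ./0-9A-Za-z; the function name, sample lines and values are constructed for illustration.

```python
import re

# Assumption: a stored hash is exactly 16 characters from ./0-9A-Za-z.
# Adjust HASH_SHAPE for releases that store hashes in another format.
# Limitation: a cleartext password that happens to fit this shape passes.
HASH_SHAPE = re.compile(r"[./0-9A-Za-z]{16}")

# Matches "enable password <value> [encrypted]" and
# "username <name> password <value> [encrypted]".
PASSWORD_CMD = re.compile(
    r"^\s*(?:enable\s+password|username\s+\S+\s+password)\s+(?P<value>\S+)"
    r"(?P<enc>\s+encrypted\b)?"
)

def lint_asa_passwords(config_text):
    """Return (line_number, message) for password commands likely to lock you out."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = PASSWORD_CMD.match(line)
        if not match:
            continue
        marked_encrypted = match.group("enc") is not None
        looks_hashed = HASH_SHAPE.fullmatch(match.group("value")) is not None
        if marked_encrypted and not looks_hashed:
            findings.append((number, "tagged 'encrypted' but not hash-shaped: "
                             "the device would store this text as the hash"))
        elif looks_hashed and not marked_encrypted:
            findings.append((number, "hash-shaped value without 'encrypted': "
                             "it would be treated as cleartext and hashed again"))
    return findings

# Constructed change script; passwords and hash-shaped strings are made up.
SAMPLE = """\
enable password N3wAdm1nPass! encrypted
enable password AbCdEfGh12345678 encrypted
enable password N3wAdm1nPass!
username admin password AbCdEfGh12345678
"""

if __name__ == "__main__":
    for number, message in lint_asa_passwords(SAMPLE):
        print(f"line {number}: {message}")
```

Running it over a change script before pasting it into a session flags the first sample line, which is the command from the original question.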

tmercer12 Tue, 03/02/2010 - 09:37

Thank you John, but I can't do a password recovery because it has been disabled. So I won't be able to log into the Cisco device with the password I updated, and there is no way to log in because I encrypted it?

busterswt Tue, 03/02/2010 - 09:42

That's correct. Since you've disabled password recovery, when you enter rommon you will be prompted to flash the device, which will effectively remove the entire config. Do you have a recent backup of the configuration that was taken prior to the password change? If so, your only option at this point may be to flash the device and reload the backup config (with known good password).

Good luck,

James

tmercer12 Tue, 03/02/2010 - 09:45

Bummer. That's what I was trying to avoid. So what is the correct command to change the default admin password from cisco cisco?
