We currently have a number of users who forget their passwords, change them and then seem to forget them again in a matter of 2-3 days. We are looking for a way of decrypting these users' passwords from the Cisco User DB in ACS 2.6.4.
When I do a dump I get the password field in the following format:
0x0020 85 55 cb ea fe 5f d2 a6 19 58 93 e2 fd ed 99 86 6d 30 22 64 73 50 6c 8f c1 db 62 ed 97 4f 31 8f
Can someone tell me what this is / means, and how to decrypt it?
Could anyone give me some ideas on how this might be achieved, preferably not via a brute force attack?
Personally I would hope that the passwords would be very difficult if not impossible to decode. If word went out that the database was compromisable, hackers everywhere would think of methods to find these boxes and have their jollies. Mind you, I may be a bit paranoid.
As for the users that keep forgetting their passwords: make them wait a day for the password the second time around and increase that length by a day each time they call you. Eventually they will learn that remembering is a good thing. Do they forget their phone number, bank PIN, and Windows login? Probably the latter but not the first two. Users need to take responsibility for their passwords, and if forgetting it every few days is their norm then they need to rethink their priorities.
As an alternative, you could think of giving them a one-time password fob (SecurID). That way they could use their bank PIN as the 4 digits and then use the generated password as the remainder. This way they could forget it all they want; it changes every minute. *grins*
Kim, although I agree with you, this does not help me to solve this problem in a simple way for both myself and the users... what I really need is a way to be able to recover the passwords... Otherwise I fear we may have to change to another RADIUS server to be able to accomplish this task!
Cisco does not provide a way for customers to decrypt this password; as the previous poster said, this would be a huge security risk.
Why don't you just check the "Apply password change rule" in the group settings on ACS, then when a user forgets their password, get in and change their password to something simple and let them know what it is. The next time they log in they'll be forced to change their password to something else.
This is a lot easier than having to dump the database each time and decrypt their password (which you can't do anyway).