Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Recovering / Decoding Users Passwords In ACS

We have currently got a number of users who forget their passwords, change them and then seem to forget them again in a matter of 2-3 days, we are looking for a way of decrypting these users passwords from the Cisco User DB in ACS 2.6.4.

When I do a dump I get the password field in the following format

0x0020 85 55 cb ea fe 5f d2 a6 19 58 93 e2 fd ed 99 86 6d 30 22 64 73 50 6c 8f c1 db 62 ed 97 4f 31 8f

Can someone tell me what this is / Means, and how to decrypt it!

Could anyone give me some ideas on how this might be acheived, preferably not via a brute force attack.

New Member

Re: Recovering / Decoding Users Passwords In ACS

Personally I would hope that the passwords would be very difficult if not impossible to decode. If word went out that the database was compromisable hackers everywhere would think of methods to find these boxes and have their jollies. Mind you I may be a bit paranoid.

As for the users that keep forgetting their passwords. Make them wait a day for the password the second time around and increase that length by a day each time they call you. Eventually they will learn that remembering is a good thing. Do they forget their phone number, bank pin, and window's login? Probably the later but not the first two. Users need to take responsiblity for their passwords and if forgetting it every few days is their norm then they need to rethink their priorities.

As an alternative, you could think of giving them a one time password fob (secureID). That way they could use their bank pin as the 4 digits and then use the generated password as the remainder. This way they could forget it all they want, it changes every minute. *grins*


New Member

Re: Recovering / Decoding Users Passwords In ACS

Kim although I agree with you this does not help me to solve this problem in a simple way for both myself and the users... what I really need is a way to be able to recover the passwords..... Otherwise I fear we may have to change to another radius server to be able to accomplish this task!

Cisco Employee

Re: Recovering / Decoding Users Passwords In ACS

Cisco does not provide a way for customers to decrypt this password, as the previous poster said this would be a huge security risk.

Why don't you just check the "Apply password change rule" in the group settings on ACS, then when a user forgets their password get in and change their password to something simple and let them know what it is. The next time they log in they'll be forced to change their password to something else.

This is a lot easier than having to dump the database each time and decrypt their password (which you can't do anyway).

CreatePlease to create content