Cisco Support Community

New Member

Can't change the ASA 5510 enable password

Hi all,

I just finished configuring an ASA 5510 with AAA, but if I am trying to change the enabled password I can't do it!

The curious thing is that the firewall sets up as enable the same password given with the username.

Anybody seen this before?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Can't change the ASA 5510 enable password

Hi Vlad,

This is a Bug with ID CSCsh33287.

The 'aaa authentication enable console LOCAL' command may result in privilege escalation, i.e. normal users will get privilege level 15 because of this vulnerability. For more info, please visit http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml#@ID

Click on 'Details'

Hope this helps.

Regards

Jithesh
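
An added example, not part of the original thread and not Cisco tooling: a small audit of an ASA running-config for the condition described in the answer above, listing local users below privilege 15 when `aaa authentication enable console LOCAL` is configured. The sample config is constructed, and the default privilege of 2 for a `username` line without a `privilege` keyword is an assumption.

```python
import re

# Constructed sample of an ASA running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
hostname asa-lab
enable password CONSTRUCTEDHASH1 encrypted
username admin password CONSTRUCTEDHASH2 encrypted privilege 15
username helpdesk password CONSTRUCTEDHASH3 encrypted privilege 5
username auditor password CONSTRUCTEDHASH4 encrypted
username auditor attributes
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
"""

ENABLE_AUTH = re.compile(r"^aaa authentication enable console\s+(.+)$")
USERNAME = re.compile(r"^username\s+(\S+)\s+(.*)$")
DEFAULT_PRIVILEGE = 2  # assumption: level used when no privilege keyword is present


def audit(config_text):
    """Return (enable_uses_local, {user: level}) for local users below level 15."""
    enable_uses_local = False
    low_priv = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ENABLE_AUTH.match(line)
        if m:
            # LOCAL may be the only method or the fallback after a server group.
            enable_uses_local = enable_uses_local or "LOCAL" in m.group(1).split()
            continue
        m = USERNAME.match(line)
        if not m or m.group(2).startswith("attributes"):
            continue  # not a user definition (or only its attributes submode)
        name, rest = m.groups()
        p = re.search(r"\bprivilege\s+(\d+)\b", rest)
        level = int(p.group(1)) if p else DEFAULT_PRIVILEGE
        if level < 15:
            low_priv[name] = level
    return enable_uses_local, low_priv


def report(config_text):
    """One finding per low-privilege user, only if enable auth uses LOCAL."""
    uses_local, low_priv = audit(config_text)
    if not uses_local:
        return []
    return [f"{user} (privilege {level}): check enable access against CSCsh33287"
            for user, level in sorted(low_priv.items())]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```

Each finding is a user to test with `sh curpriv` after entering enable mode, as was done later in this thread.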

6 REPLIES
Hall of Fame Super Silver

Re: Can't change the ASA 5510 enable password

Vlad

If we could know details of how you configured the ASA we might be able to give better answers to your question. It sounds like you have configured authentication for enable to use the same authentication server that you use for login authentication. If that is the case then it is the expected behavior that you would authenticate to enable mode with the same password that you use for user mode. If you have configured authentication for enable to use TACACS (or RADIUS) with LOCAL as a backup method, then if the ASA were not able to communicate with the authentication server then it would use the configured enable password. But if it is configured to use TACACS (or RADIUS) as primary and if it can communicate with the authentication server then it will not use the configured enable password.

HTH

Rick

New Member

Re: Can't change the ASA 5510 enable password

Rick,

This is what I did, nothing different than my previous configurations:

aaa authentication enable console LOCAL

aaa authentication ssh console LOCAL

Thanks,

Vlad

New Member

Re: Can't change the ASA 5510 enable password

After a sh curpriv... I just realised that my username has privilege 15.

Could this be the problem?

Thanks,

Vlad

New Member

Re: Can't change the ASA 5510 enable password

Thank you Jithesh!

I will upgrade to 8.0 then!

Regards,

Vlad

New Member

Re: Can't change the ASA 5510 enable password

It is my pleasure.
