CUCM 6.1 password encryption

ttortelier · ‎04-30-2010

Hi all,

I wonder if someone know how is encrypted the user password in CUCM 6.1.

User 1 has password : 12345

User 2 has password : 12345

If I extract the end user database I can see the following :

test1 f486f4dc05ab0ec247e878e610b846c924821a62

test2 d37f542921b10baa33e9d39e0d312e1defcd93fc

What is the hashing method for the password encryption.

I'm doing this in order to see how many user in my system kept the original 12345 password.

Thank you all.

thto@telindus.fr

William Bell · ‎04-30-2010

The hash probably embeds date/time information into the hashed string. That would be my guess based on the last time I looked into a similar request.

Do you have credential policies configured so that the user must change their password at the next logon attempt? If so, maybe you could check to see if it has been modified:

admin:run sql query select eu.userid, tc.name as credentialtype, c.credmustchange from enduser as eu inner join credential as c on c.fkenduser=eu.pkid inner join typecredential as tc on c.tkcredential=tc.enum where c.credmustchange='t'

Another table you could check is the credentialhistory table. Could be useful if you aren't enforcing password changes but have enabled password history. Maybe something like:

admin:run sql query select eu.userid,tc.name as credentialtype, ch.changeid, ch.timechanged from enduser as eu inner join credentialhistory as ch on ch.fkenduser=eu.pkid inner join typecredential as tc on ch.tkcredential=tc.enum

HTH.

Regards,

Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify