Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

12.2(50)SE Bug ?

Not sure if this is a bug or a new feature ?

switchname(config)#enable secret 5 XXXXXXXXXXXXXX (encrypted password)

ERROR: The secret you entered is not a valid encrypted secret.

To enter an UNENCRYPTED secret, do not specify type 5 encryption.

When you properly enter an UNENCRYPTED secret, it will be encrypted.

Hope that this is a bug, but have anybody else a fix for this problem ?

cut & paste of old config doen't work any longer. :-(

9 REPLIES
Hall of Fame Super Silver

Re: 12.2(50)SE Bug ?

Hello Roar,

the message says to use

enable secret

I would so and I would leave to the device to create the encrypted version of the secret

these are the options

enable secret ?

0 Specifies an UNENCRYPTED password will follow

5 Specifies an ENCRYPTED secret will follow

LINE The UNENCRYPTED (cleartext) 'enable' secret

Hope to help

Giuseppe

Hall of Fame Super Gold

Re: 12.2(50)SE Bug ?

This is probably an "undocumented feature". I can't even see this command anymore in the 12.2(50)SE Switch Command Reference.

Typing the enable secret and the appliance will automatically encrypt it event though the "no service password-encrypt" is available. See below:

no service password-encryption

!

enable secret 5 $1$TZVm$SSMOghMN0RymiQKxNfmUC.

enable password juniper

Not good.

Bronze

Re: 12.2(50)SE Bug ?

Service password-encryption has nothing to do with any "secret" passwords. They are automatically shown hashed MD5 output.

Service password-encryption only encrypts clear text passwords utilizing the "password 7" cipher (Vigenere). The passwords are not "encrypted". They are obfuscated to keep people from shoulder surfing.

New Member

Re: 12.2(50)SE Bug ?

You can get the crypts in by partial config file transfer via tftp/scp, and they still work from flash. It's just from the commandline that this is borked.

New Member

Re: 12.2(50)SE Bug ?

Hi,

This appears to be a new bug that has not been fixed yet.

The bug is CSCsy24510: IOS no longer accepts encrypted password / secret

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsy24510

Hall of Fame Super Gold

Re: 12.2(50)SE Bug ?

Hi Erich,

Thanks for point us to the right direction. +5

New Member

Re: 12.2(50)SE Bug ?

I've just confirmed that 12.2(50)SE1 has fixed this bug. I was finally able to paste in my encrypted secret passwords from the command-line. I'm glad I found this thread, because I was banging my head against the wall.

New Member

Re: 12.2(50)SE Bug ?

Hello there,

I am not sure which version of IOS you're running but, this indeed looks like the bug I pointed out.

CSCsy24510 IOS no longer accepts encrypted password / secret

It is fixed in 12.2(50)SE1.

New Member

Re: 12.2(50)SE Bug ?

Oops,

Still learning the NetPro tool. Glad to know that your problem is fixed.

Just to summarize, this bug is fixed in 12.2(50)SE1.

402
Views
5
Helpful
9
Replies
CreatePlease to create content