trouble changing enable password

Discussion in 'Cisco' started by gselser, Aug 22, 2006.

  1. gselser

    gselser Guest

    I have a cisco 1601 router that I want to change the enable password
    on. I know the current enable password. When I go into config t mode I
    type in "enable password <the new password>". I exit with ctrl z and
    write mem. When I logout and log back in I have to still use the old
    password, the new one will not work. I am not sure what I am doing
    wrong here. The only other thing is that I have the service
    password-encryption turned on, could this be causing the problem and if
    so what do I need to do to fix it. Any help or suggestions will be
    appreciated.
    Thanks
    Glenn
     
    gselser, Aug 22, 2006
    #1

  2. gselser

    James Guest

    gselser wrote:
    > I have a cisco 1601 router that I want to change the enable password
    > on. I know the current enable password. When I go into config t mode I
    > type in "enable password <the new password>". I exit with ctrl z and
    > write mem. When I logout and log back in I have to still use the old
    > password, the new one will not work. I am not sure what I am doing
    > wrong here. The only other thing is that I have the service
    > password-encryption turned on, could this be causing the problem and if
    > so what do I need to do to fix it. Any help or suggestions will be
    > appreciated.
    > Thanks
    > Glenn


    Is there also an "enable secret" command in the config?

    If so try:-

    conf t
    no enable password
    enable secret <the new password>

    James
     
    James, Aug 22, 2006
    #2

  3. gselser

    Rainer Temme Guest

    James wrote:
    >> enable password <the new password>


    > conf t
    > no enable password
    > enable secret <the new password>


    I think the enable secret should be preferred because
    it's not easily decodable.

    Both forms have a number before the actual password (IIRC)

    enable secret 0 <the_password_in_clear_text>

    or

    enable password 0 <the_password_in_clear_text>

    Rainer
     
    Rainer Temme, Aug 22, 2006
    #3
  4. gselser

    gselser Guest

    James wrote:
    > gselser wrote:
    > > I have a cisco 1601 router that I want to change the enable password
    > > on. I know the current enable password. When I go into config t mode I
    > > type in "enable password <the new password>". I exit with ctrl z and
    > > write mem. When I logout and log back in I have to still use the old
    > > password, the new one will not work. I am not sure what I am doing
    > > wrong here. The only other thing is that I have the service
    > > password-encryption turned on, could this be causing the problem and if
    > > so what do I need to do to fix it. Any help or suggestions will be
    > > appreciated.
    > > Thanks
    > > Glenn

    >
    > Is there also an "enable secret" command in the config?
    >
    > If so try:-
    >
    > conf t
    > no enable password
    > enable secret <the new password>
    >
    > James

    Yes I think there is an enable secret password. What is the difference
    between the enable and secret password or are they the same?
    Also is it okay to keep the service password-encryption on?
    Glenn
     
    gselser, Aug 22, 2006
    #4
  5. gselser

    AM Guest

    gselser wrote:

    > James wrote:


    > Yes I think there is an enable secret password. What is the difference
    > between the enable and secret password or are they the same?


    "enable secret" stores the password in a way that cannot be decrypted.
    It wins over "enable password" as the method that allows access to privilege mode. So you were changing something that
    wasn't used when authorizing you to the privilege mode.

    > Also is it okay to keep the service password-encryption on?


    Yes of course, even if the encryption algorithm is very weak. Can be decrypted in a few milliseconds.

    HTH

    Alex.
     
    AM, Aug 22, 2006
    #5
  6. gselser

    Sam Wilson Guest

    In article <>,
    "gselser" <> wrote:

    > Yes I think there is an enable secret password. What is the difference
    > between the enable and secret password or are they the same?
    > Also is it okay to keep the service password-encryption on?


    enable password is stored either in clear or in a reversible
    "encryption"[1] noted by a prefix of 7[2] if "service
    password-encryption" is set. enable secret is stored as an MD5 hash
    (prefix 5), which you might be able to reverse but it will take you some
    effort.

    If there's an enable secret the router will use it, if not it will fall
    back to enable password. There used to be situations where you needed
    both but I don't suppose there are many cases now.

    Sam

    [1] At one point Cisco used to refer to it as "obscured" rather than
    "encrypted" - there are several trivial password decryptors around.

    [2] A correspondent on a Cisco mailing list once asked why his password
    didn't work - it turned out it began with the name of a well known soft
    drink and even though password encryption wasn't set when the router
    read the config it saw the initial "7 up" and tried to decrypt the rest
    of the plain text password.
     
    Sam Wilson, Aug 22, 2006
    #6
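
Added example, not part of any post in this thread: a small config audit that applies the precedence and storage types described above (enable secret wins over enable password; no prefix or 0 is cleartext, 5 is an MD5 hash, 7 is reversible) and flags the "7 up" case from footnote [2]. The function names, the simplified line grammar and the sample config values are constructed for illustration.

```python
import re

# Constructed sample config; the hash and type 7 string are made-up placeholders.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$EXAMPLE$ConstructedPlaceholderHash
enable password 7 00AABBCCDDEE
"""

# Simplified grammar (assumption): enable secret|password [level N] [type] value
ENABLE_RE = re.compile(r"^enable (secret|password)(?: level (\d+))? (?:(\d+) )?(\S.*)$")
TYPE7_RE = re.compile(r"\d{2}(?:[0-9A-Fa-f]{2})+")  # two salt digits, then hex pairs
STORAGE = {0: "cleartext", 5: "MD5 hash", 7: "reversible obfuscation"}


def parse_enable_lines(config):
    """Return {'secret'|'password': (type, value)} for the default level 15."""
    found = {}
    for line in config.splitlines():
        m = ENABLE_RE.match(line.strip())
        if not m:
            continue
        kind, level, ptype, value = m.groups()
        if int(level or 15) == 15:
            # No type token means the value is stored in clear (type 0).
            found[kind] = (int(ptype or 0), value)
    return found


def audit(config):
    """Report which enable credential the router uses, plus storage findings."""
    creds = parse_enable_lines(config)
    # Precedence from the thread: enable secret wins; enable password is the fallback.
    effective = next((k for k in ("secret", "password") if k in creds), None)
    findings = []
    if len(creds) == 2:
        findings.append("enable password is unused while enable secret is set")
    if "password" in creds:
        ptype, value = creds["password"]
        findings.append(f"enable password stored as {STORAGE.get(ptype, 'unknown type')}")
        if ptype == 7 and not TYPE7_RE.fullmatch(value):
            findings.append("type 7 prefix but value is not type 7 encoded")
    return {"effective": effective, "findings": findings}


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Run against a saved copy of the running config, a result of `effective: secret` together with the "unused" finding is the situation the original poster was in: the line being changed was never the one the router checked.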
  7. gselser

    gselser Guest

    Thank you all very much. This is the fastest group discussion I have
    ever worked with.
    Your responses and solutions both solved the problem and were
    informative.
    Thanks Again
    Glenn
    Sam Wilson wrote:
    > In article <>,
    > "gselser" <> wrote:
    >
    > > Yes I think there is an enable secret password. What is the difference
    > > between the enable and secret password or are they the same?
    > > Also is it okay to keep the service password-encryption on?

    >
    > enable password is stored either in clear or in a reversible
    > "encryption"[1] noted by a prefix of 7[2] if "service
    > password-encryption" is set. enable secret is stored as an MD5 hash
    > (prefix 5), which you might be able to reverse but it will take you some
    > effort.
    >
    > If there's an enable secret the router will use it, if not it will fall
    > back to enable password. There used to be situations where you needed
    > both but I don't suppose there are many cases now.
    >
    > Sam
    >
    > [1] At one point Cisco used to refer to it as "obscured" rather than
    > "encrypted" - there are several trivial password decryptors around.
    >
    > [2] A correspondent on a Cisco mailing list once asked why his password
    > didn't work - it turned out it began with the name of a well known soft
    > drink and even though password encryption wasn't set when the router
    > read the config it saw the initial "7 up" and tried to decrypt the rest
    > of the plain text password.
     
    gselser, Aug 22, 2006
    #7