setting password on cat6000 switch bug (?)

[InDenial]

Hi,

I have had this weird problem twice the last year now. Because we had to remove all security related information from a cat6000 switch I also changed the password to cisco. ALthough I thought I did.

I used the command: set password cisco

The switch accepted. (while it shouldn;t). The result was that it DID change the password but the password was not cisco. and the result of that was that I could not access the switch anymore. not with the password I wanted to give, the old password and no password.

The command I should have given was:

set password <enter>
old password : <old password>
new password : cisco
new password : cisco

I was wondering if anyone else knows about this problem and knows a solution to retrieving the password without doing a password recovery. Maybe the switch changes it to a default password?

thanks in advance.

InDenial

 

[IPKONFIG]

What version of code you running on that Cat InDenial?

&quot;I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it.&quot;
- Jack Handey, Deep Thoughts

 

[InDenial]

IPKONFIG,

I believe it is 5.5(1). Will check when I am at work to see if that is right and will post a reply tomorrow...

InDenial

 

[vipergg]

Does this sound like your problem,if so it's a code problem .

set password <password> can change password to an unknown password Product cat6000 Model c6506 Component commands Duplicate of Severity 1 Severity help Status Resolved Status help First Found-in Version 6.1(1), 6.2(0.1) First Fixed-in Version 6.2(0.81), 5.5(5.11), 6.1(2.1), 6.3(0.6)PAN
Release Notes

This is a problem introeduced in 5.4(1) and has impact on cat4k/cat5k/cat6k platforms.
If users have a local password containing any upper case characters,e.g. ''San'',after an invalid command ''set password xxx'', users will no longer be able to login or change the configured password. Passwords without
any upper case characters are not affected, e.g. ''san''.
Workarounds:
1) use normal password recovery procedures, or
2) if you are still in enable mode on the switch, you can enter the &quot;set password&quot; and/or &quot;set enable&quot; line from a different switch''s config file. For example, Switch A just ran into this issue. Without disconnecting from Switch A, view the config file from switch B and copy the line: set password $2$6IJa$SbEveT/fIdXVUvWifn.i7. into switch A.
This will change the password on switch A to be the same as switch B. Ditto for ''set enablepass <enablepasswd>'' invalid command and enablepassword contains upper case character(s).

 

[InDenial]

vipergg,

I believe that is exactly what it is. I can not try number 2 cause I can not access the switch anymore. Although maybe an snmpset will do the trick.

I already told them to do a password recovery but I have no idea if they already did that. Will check it out today and post back with any info.



InDenial

 

[InDenial]

Vipergg,

Can't check it anymore they already did a password recovery.


InDenial