undocumented/default "pix" User in Cisco ASA

robertblasey
Level 1

Hi -

I came across a username at a new customer I was not aware of: "pix". (I felt like an idiot looking through "show run all" not seeing the user after 5 years of decent ASA/PIX experience.)

While I am usually using username/password/priv-level and aaa authentication on my ASA configurations, this customer is using a user "pix" which is invisible in the "show run" and "show run all" command or even the "more system:flash" command. IMO it is a rather bad practice to use a user which would not survive any current configuration backup mechanisms or even worse open a firewall with a default user after some kind of configuration recovery/reset.

Does anybody have any idea why people would use this undocumented user, why there is a user on the Cisco ASA which can be used to log in with, or where in the world this user is stored with its password? Is this a kind of TAC backdoor for lost passwords?

Regards
Robert

1 Reply

Yudong Wu
Level 7

"asa" or "pix" are default fallback usernames that can be used in some scenarios if other authentication methods are unavailable.

I think we removed them in the latest ASA code (later 8.3 or 8.4).

I agree with you. This is not secure.