01-17-2011 01:23 AM - edited 03-10-2019 05:14 AM
I have a cisco ASA 5520 with AIP SSM 20 , which i breaked password by the command " hw-module module 1 password-reset".
After the reset, I am able to login to the device with the username & password cisco , and after login, it requests to chsnge the password,
but the issue is that, all the previous users got erased off, and the current user cisco is having user privileges only.
So I am unable to create any further users, and i am unable change any settings...
Any body can help me on this...?
01-17-2011 01:49 AM
No, unfortunately if you only have user accounts but not admin accounts in the IPS module, you won't be able to create any new users as it only have view/read access. You would need to perform a system reimage unfortunately. The password recovery will only recover the password for the username "cisco", and if you have changed that to view only privilege, you won't be able to make any changes.
01-17-2011 03:56 AM
I had an admin account while I resetted the password but I was not having the password for the same.
When I reset the password to cisco, the admin account also got deleted. I am not able to see any other account except ' cisco ' which is having viewer rights only.
1. While reseting the passwords whether the other accounts will also will get deleted...?
2. After reseting the password, the default user 'cisco' is having viewer rights only. if thats the case, then we can only monitor the device, we will not be able to do any config changes..wright...?
3. Is this the feature of the device...?
01-17-2011 04:32 AM
Password reset will only reset the password for username "cisco". If you have actually change the privilege for the username "cisco" to view only before, then it will have view only privilege. If you have configured any other admin user and lost the password, you won't be able to reset those password, as password reset is only for "cisco" username.
1. No, other accounts should not be removed.
2. No, you would probably already change the "cisco" account to user account prior to password reset. Password reset will only change the password to default, it will not change the privilege from admin to view only.
01-17-2011 05:01 AM
Jeniffer,
Thanks a lot for the reply.
What may have happened to the already existing users (admin users) while breaking the password for the user "cisco"...?
What will happen when we already deleted the user "cisco" before resetting..?
01-17-2011 05:08 AM
Nothing will happen to the existing users (admin users) when you reset the password for "cisco" username.
If you deleted the username "cisco", then you can't reset any password as password reset only works for username "cisco".
Therefore, it is recommended to keep the "cisco" username with maybe a very complicated password with admin access, so if you lost the password for any other admin user accounts, at least you can still use the "cisco" admin account to connect and make changes. If you also lost the "cisco" admin password, at least you can reset it, and it still have the admin privilege.
Here is the URL for your reference:
Hope that answers your question.
01-17-2011 05:34 AM
In my case, I have reset the password, but when I login back, I am not able to see any other users except cisco.
And also the users with admin privileges was locked. thats why i needed to reset the password.
I havent fired any other commands except the hw-module module 1 password-reset command.
01-17-2011 05:48 PM
You can only reset the "cisco" password, you can't reset any other admin password using the password reset feature "hw-module module 1 password-reset". If your other admin password is locked, and you only have 1 admin user, you won't be able to reset the password. You would need to reimage the IPS to gain access back, and with reimage you will lose all your configuration. Hopefully you have a backup of your configuration if you made lots of changes to your IPS, otherwise, if it's pretty much just default configuration, you will only need to setup the ip address, signature update and a few other things after the reimage.
01-19-2011 06:14 AM
Whether there is a requirement for a system reimage. Can we factory default so that we can configure the same, or copy the existing configuration after creating a new user with admin privilege.?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide