
Cisco AIP-SSM 20 break password issue...!

I have a Cisco ASA 5520 with an AIP-SSM 20, whose password I broke with the command "hw-module module 1 password-reset".

After the reset, I am able to log in to the device with the username and password cisco, and after login it requests to change the password,

but the issue is that all the previous users got erased, and the current user cisco has user privileges only.

So I am unable to create any further users, and I am unable to change any settings...

Can anybody help me with this...?


Jennifer Halim
Cisco Employee

No, unfortunately if you only have user accounts but not admin accounts in the IPS module, you won't be able to create any new users as it only has view/read access. You would need to perform a system reimage unfortunately. The password recovery will only recover the password for the username "cisco", and if you have changed that to view-only privilege, you won't be able to make any changes.

I had an admin account when I reset the password, but I did not have the password for it.

When I reset the password to cisco, the admin account also got deleted. I am not able to see any other account except 'cisco', which has viewer rights only.

1. While resetting the password, will the other accounts also get deleted...?

2. After resetting the password, the default user 'cisco' has viewer rights only. If that's the case, then we can only monitor the device; we will not be able to make any config changes... right...?

3. Is this a feature of the device...?

Password reset will only reset the password for username "cisco". If you have actually changed the privilege for the username "cisco" to view only before, then it will have view-only privilege. If you have configured any other admin user and lost the password, you won't be able to reset those passwords, as password reset is only for the "cisco" username.

1. No, other accounts should not be removed.

2. No, you would probably have already changed the "cisco" account to a user account prior to the password reset. Password reset will only change the password to default; it will not change the privilege from admin to view only.

Jennifer,

Thanks a lot for the reply.

What may have happened to the already existing users (admin users) while breaking the password for the user "cisco"...?

What will happen if we had already deleted the user "cisco" before resetting...?

Nothing will happen to the existing users (admin users) when you reset the password for "cisco" username.

If you deleted the username "cisco", then you can't reset any password as password reset only works for username "cisco".

Therefore, it is recommended to keep the "cisco" username with maybe a very complicated password with admin access, so if you lose the password for any other admin user accounts, at least you can still use the "cisco" admin account to connect and make changes. If you also lose the "cisco" admin password, at least you can reset it, and it still has the admin privilege.

Here is the URL for your reference:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_troubleshooting.html#wp1139513

Hope that answers your question.

In my case, I have reset the password, but when I log back in, I am not able to see any other users except cisco.

And also the users with admin privileges were locked. That's why I needed to reset the password.

I haven't fired any other commands except the hw-module module 1 password-reset command.

You can only reset the "cisco" password; you can't reset any other admin password using the password reset feature "hw-module module 1 password-reset". If your other admin password is locked, and you only have 1 admin user, you won't be able to reset the password. You would need to reimage the IPS to gain access back, and with a reimage you will lose all your configuration. Hopefully you have a backup of your configuration if you made lots of changes to your IPS; otherwise, if it's pretty much just the default configuration, you will only need to set up the IP address, signature update and a few other things after the reimage.

Is there a requirement for a system reimage? Can we factory default so that we can configure the same, or copy the existing configuration after creating a new user with admin privilege?
