07-01-2021 05:13 AM
I have run a vulnerability scan for a few Cisco devices and found this. Let us know if you can help here.
THREAT:
Cisco IOS is a family of software used on most Cisco Systems routers and current Cisco network switches.
There are several variants/code that take advantage of the Cisco IOS type 7 password vulnerability. An attacker tries to obtain a copy of the
encrypted type 7 password from a Cisco router usually by obtaining the Cisco IOS configuration file.
QID detection logic (Authenticated):
This QID checks for Type 7 password on Cisco IOS.
IMPACT:
Due to weak encryption in Type 7 passwords, an attacker can decrypt the password to take advantage of Cisco IOS devices.
SOLUTION:
Cisco has not planned to release a fix for this vulnerability.
07-01-2021 06:26 AM
You are best off using type 9 passwords which should alleviate the issue you are discussing. See here: https://community.cisco.com/t5/security-documents/why-you-should-be-using-scrypt-for-cisco-router-password-storage/ta-p/3157196
HTH!
07-01-2021 09:03 AM
On any of your devices, either enable password or username password should be replaced with enable secret and username secret. That will get rid of the type 7 hashes.
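The replacement described in the reply above can be checked across saved configurations with a small audit script. This is an added example, not part of the original posts: the sample configuration, the placeholder strings and the function name audit_config are constructed for illustration.

```python
# Constructed sample configuration (not from a real device); password
# values are placeholders, not real type 7 strings or hashes.
SAMPLE_CONFIG = """\
hostname lab-rtr1
service password-encryption
enable password 7 TYPE7_PLACEHOLDER
enable secret 9 TYPE9_PLACEHOLDER
username admin privilege 15 password 7 TYPE7_PLACEHOLDER
username ops secret 9 TYPE9_PLACEHOLDER
username legacy password 0 CLEARTEXT_PLACEHOLDER
line vty 0 4
 password 7 TYPE7_PLACEHOLDER
 login local
"""


def audit_config(text):
    """Return (line_no, kind, pw_type, suggestion) for every line that
    stores a password as type 0 (cleartext) or type 7 (reversible)."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if "password" not in tok:          # also skips 'password-encryption'
            continue
        i = tok.index("password")
        rest = tok[i + 1:]
        if not rest:
            continue
        if tok[0] == "enable" and i == 1:
            kind = "enable"
        elif tok[0] == "username" and i >= 2:
            kind = "username"
        elif i == 0:
            kind = "line"                  # e.g. under 'line vty'
        else:
            continue                       # 'password' used as an ordinary word
        # A leading 0 or 7 followed by a value is the type; none means cleartext.
        pw_type = rest[0] if len(rest) >= 2 and rest[0] in ("0", "7") else "0"
        # Keep everything before 'password' (user name, privilege) and swap the keyword.
        fix = None if kind == "line" else " ".join(tok[:i]) + " secret NEW_PASSWORD"
        findings.append((line_no, kind, pw_type, fix))
    return findings


if __name__ == "__main__":
    for line_no, kind, pw_type, fix in audit_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {kind} password type {pw_type} -> {fix or 'review manually'}")
```

Line-level passwords are flagged without a suggested replacement because the thread only covers the enable and username forms.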