Showing results for 
Search instead for 
Did you mean: 


IPS Password recovery/factory reset


I have a Cisco 5520 with aim-ssm-10 and I need to recover the password or perform a factory reset.

I have run hw-module module 1 password-reset and it has successfully reset the password, however previously the default Cisco username had been demoted to Viewer privilege and the password reset function does nothing to recover this privilege level.

Hence I now have access to the recovered Cisco/Cisco authentication, but with no access to do anything!

All the other usernames appear to have disappeared as well; eg. show users all

Has anyone encountered this before?

Is there a way to do a full factory reset?

I have read about recovering the image, but the image is okay.

Is there no way to just erase the configuration?



Hello Mike,

Can you please try authenticating with one of the other users (an admin would be best) that was configured on the system prior to the password reset? The pw-reset should not have altered any of the other users. The cisco viewer that you currently have configured will not have the ability to see the other user accounts.

If you are not able to authenticate via any account, a reimage is the only other option.

Thank you,

Blayne Dreier

Cisco TAC Escalation Team

**Please check out our Podcasts**

TAC Security Show:

TAC IPS Media Series:


Hi thanks for the reply.

I'm going to rack my brains over the other passwords, however in the event that it needs re-imaging then how can this be done? Is it possible to get an image without a Smartnet Subscription as at the moment we are only testing so do not have access to download an alternate image for this purpose.

Also does a re-image also refresh configuration data? With a normal ASA image update this would not be the case.

Thanks again.

Cisco Employee

FYI, this situation is tracked under an open enhancement request: CSCto86591 (IPS: Password Recovery feature should also reset cisco account's priv).

As noted by Blayne (and that enhancement request's Release Note Enclosure), in this situation, if no other Administrative account credentials are known, then a re-image ("recovery") of the sensor's application partition will be necessary to regain full access to it.


Hi Mike

Well - even though you are a bit locked down now you might not be completely lost since:

Viewer—This user role has the lowest level of privileges. Viewers can view configuration and event data and can modify their passwords

So - why no tjust upload the config and then do a re-image of the blade? ½ hour and you are back...

PS: on the support CD  which was delivered with the system I think there is a image

Content for Community-Ad