06-20-2011 07:55 AM - edited 03-10-2019 05:22 AM
Hi.
I have a Cisco 5520 with aim-ssm-10 and I need to recover the password or perform a factory reset.
I have run hw-module module 1 password-reset and it has successfully reset the password, however previously the default Cisco username had been demoted to Viewer privilege and the password reset function does nothing to recover this privilege level.
Hence I now have access to the recovered Cisco/Cisco authentication, but with no access to do anything!
All the other usernames appear to have disappeared as well; e.g. show users all
Has anyone encountered this before?
Is there a way to do a full factory reset?
I have read about recovering the image, but the image is okay.
Is there no way to just erase the configuration?
Thanks.
06-20-2011 08:12 AM
Hello Mike,
Can you please try authenticating with one of the other users (an admin would be best) that was configured on the system prior to the password reset? The pw-reset should not have altered any of the other users. The cisco viewer that you currently have configured will not have the ability to see the other user accounts.
If you are not able to authenticate via any account, a reimage is the only other option.
Thank you,
Blayne Dreier
Cisco TAC Escalation Team
**Please check out our Podcasts**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
TAC IPS Media Series: https://supportforums.cisco.com/docs/DOC-12758
06-21-2011 06:18 AM
Hi, thanks for the reply.
I'm going to rack my brains over the other passwords; however, in the event that it needs re-imaging, how can this be done? Is it possible to get an image without a Smartnet Subscription? At the moment we are only testing, so we do not have access to download an alternate image for this purpose.
Also does a re-image also refresh configuration data? With a normal ASA image update this would not be the case.
Thanks again.
06-21-2011 06:41 AM
FYI, this situation is tracked under an open enhancement request: CSCto86591 (IPS: Password Recovery feature should also reset cisco account's priv).
As noted by Blayne (and that enhancement request's Release Note Enclosure), in this situation, if no other Administrative account credentials are known, then a re-image ("recovery") of the sensor's application partition will be necessary to regain full access to it.
06-23-2011 12:39 AM
Hi Mike
Well - even though you are a bit locked down now you might not be completely lost since:
Viewer—This user role has the lowest level of privileges. Viewers can view configuration and event data and can modify their passwords
So - why not just upload the config and then do a re-image of the blade? ½ hour and you are back...
PS: on the support CD which was delivered with the system I think there is an image