Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
86733
Views
12
Helpful
4
Replies

Error while giving level 7 password

ashley9march
Level 1
Level 1

‎03-24-2005 09:33 PM - edited ‎03-03-2019 09:08 AM

Hi,

While creating a user and giving a level 7 password on the cisco 3745 Router, its showing the following error:

Invalid encrypted password: cisco

But if I give it level 0 password which is unencrypted level, it takes it successfully. "service password-encryption" is also enabled.

Router(config)#username cisco password 7 cisco

Invalid encrypted password: cisco

regds

Ashish

HCL Infinet Ltd

India

3 people had this problem
Labels:
4 Replies 4

mhussein
Level 4
Level 4

‎03-24-2005 10:32 PM

Hi,

If you are adding a new user, you should use username cisco password 0 cisco

and it will be encrypted:

router(config)#username cisco password 0 cisco

router(config)#do sho run | i username cisco

username cisco password 7 045802150C2E

Now you can copy the encrypted password (045802150C2E) and configure it for the same or any other user on any router with username cisco password 7 045802150C2E. This feature allows for username portability.

Note that, the encrypted password can easily be cracked:

http://www.kazmier.com/computer/cisco-noswing.html

For a stronger password use username cisco secret 0 cisco

Reference:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fothercr/srfpass.htm#wp1030793

Regards,

Mustafa

ashley9march
Level 1
Level 1
In response to mhussein

‎03-25-2005 11:25 PM

Though it has solved my problem to some extent but the mystery is still unsolved completely because once I use the 'do' command, I can create more then one user with level 7 password at the same time without using the 'do' command again for each user. I know this 'do' command is used to run exec level commands in global conf mode but Is the same command is any type of service also?

Thanx for your reply.

0 Helpful

mhussein
Level 4
Level 4
In response to ashley9march

‎03-26-2005 04:41 PM

Sorry, I jammed all commands in 2 lines. You are right, the "do" command is just a convenient way of using exec commands from the config mode, it has no significance here.

What I meant to say is, when using "username cisco password 0 ..." the IOS is expecting you to type a clear text password. After that the IOS encrypts the password because "service password-encryption" is enabled:

router(config)#username cisco password 0 cisco

router(config)#exit

router#show running-config

...

username cisco password 7 045802150C2E

...

Does that make sense?

0 Helpful

Georg Pauwen
VIP
VIP

‎03-24-2005 10:47 PM

Hello,

you cannot enter a level 7 password in cleartext, level 7 expects an encrypted string. In order to enter ´cisco´ as an encrypted string, you first have to find out what the encrypted string looks like, once you know that, you can enter that string:

enable password 7 110A101614D

Try the following in order to see how it works:

Type ´enable password 0 cisco´ and then enable ´service password-encryption´. Write down the encrypted string you see in your configuration. Then reverse what you just did, that is, type ´no service password-encryption´ and ´no enable password 0 cisco´. Then, type ´enable password 7´ followed by the encrypted string you wrote down...

HTH,

GP

Customers Also Viewed These Support Documents