cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CISCO SWITCHES FOR SMALL and MEDIUM BUSINESS

Introducing the next generation of Cisco Small and Medium Business Switches. Cisco is refreshing its SMB Switch portfolio. Click here  to learn more.


1924
Views
20
Helpful
8
Replies
Peter __
Beginner

update to 2.5.8.12 login problem

Just a warning if you have special characters in your password at the start and update to 2.5.8.12 you may not be able to login.

 

Recommend you make another admin user and backup your config 

 

Should you be locked out you have to reset login with cisco default change password Swap firmware Image to old 2.5.7.85 reboot then load your config login change your password then Swap firmware Image to new 2.5.8.12 and your up and running again. 

8 REPLIES 8
marce1000
VIP Advisor

 

          - Useful but you also may want to specify the device/model which gave you this problem.

 M.

SG350-10 10-Port Gigabit but guess other models will have the same problem 

matthew1471
Beginner

Same problem with SG350-10MP.. This is a stupid bug and will catch anyone out who cares about security!

How to reset password: https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb4985-administrator-password-recovery-for-300-and-500-series-manag.html

Fully agree ! This is not funny whether or not it can be solved via password reset.

cyberconsultants
Beginner

I did not experience this issue upgrading an SG350X-12PMV from v2.5.7.85 to v2.5.8.12. (Password 60+ characters/350+ bits/multi-case alphanumeric plus special characters.)

Martin Aleksandrov
Cisco Employee

Hello,

 

You may need to log a case with the TAC so they can investigate and eventually file a bug. Following the standard process, this can be escalated and fixed with some of the next firmware releases.

 

Thanks,

Martin

matthew1471
Beginner

According to the release notes the password encryption changed between 2.5.5.47 and 2.5.7.85 but I had no problems with that release.

I have verified that the username line in my config file was the same in an externally backed up 2.5.7.85 config file as when I recovered it from 2.5.8.12 using the console cable.

My password I've now checked was/is exactly 20 characters long with just lowercase and uppercase alphanumerics (it had no special characters).

What is possible is between 2.5.5.47 and 2.5.7.85 my password age was not updated and between 2.5.7.85 and 2.5.8.12 it had erroneously expired.

 

Resetting it using a console cable to exactly the same password as before works fine.. of course the line now looks different due to a different password age (presumably the date the password was set is stored in there) and salt ("In current release user credentials are salted and hashed using PBKDF2 based on HMAC-SHA-512 hash").

 

So while I haven't changed the outcome - I can bring clarity that it's unlikely to be specific passwords or a config upgrade issue that is causing the issue rather password expiry.

 

In my 2.5.5.47 config I had no reference to ageing but in 2.5.7.85+ I have "passwords aging 0 ", I wonder if there's an expiry bug we will see in the default ageing period (potentially 180 days). I'll keep my console cable handy.

Same issue with SG250X and 2.5.8.12. Update completed, rebooted and now "invalid password". 16 lenght with only & and ^ as special chars. Rest numbers and letters (mixed case)

Another SG350X updated at the same time (same version number), with the same password complexity and lenght has no issue. 16 lenght with only @ and ^ as specials chars. Rest numbers and letters (mixed case)