Just a warning if you have special characters in your password at the start and update to 220.127.116.11 you may not be able to login.
Recommend you make another admin user and backup your config
Should you be locked out you have to reset login with cisco default change password Swap firmware Image to old 18.104.22.168 reboot then load your config login change your password then Swap firmware Image to new 22.214.171.124 and your up and running again.
Same problem with SG350-10MP.. This is a stupid bug and will catch anyone out who cares about security!
How to reset password: https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb4985-administrator-password-recovery-for-300-and-500-series-manag.html
According to the release notes the password encryption changed between 126.96.36.199 and 188.8.131.52 but I had no problems with that release.
I have verified that the username line in my config file was the same in an externally backed up 184.108.40.206 config file as when I recovered it from 220.127.116.11 using the console cable.
My password I've now checked was/is exactly 20 characters long with just lowercase and uppercase alphanumerics (it had no special characters).
What is possible is between 18.104.22.168 and 22.214.171.124 my password age was not updated and between 126.96.36.199 and 188.8.131.52 it had erroneously expired.
Resetting it using a console cable to exactly the same password as before works fine.. of course the line now looks different due to a different password age (presumably the date the password was set is stored in there) and salt ("In current release user credentials are salted and hashed using PBKDF2 based on HMAC-SHA-512 hash").
So while I haven't changed the outcome - I can bring clarity that it's unlikely to be specific passwords or a config upgrade issue that is causing the issue rather password expiry.
In my 184.108.40.206 config I had no reference to ageing but in 220.127.116.11+ I have "passwords aging 0 ", I wonder if there's an expiry bug we will see in the default ageing period (potentially 180 days). I'll keep my console cable handy.
Same issue with SG250X and 18.104.22.168. Update completed, rebooted and now "invalid password". 16 lenght with only & and ^ as special chars. Rest numbers and letters (mixed case)
Another SG350X updated at the same time (same version number), with the same password complexity and lenght has no issue. 16 lenght with only @ and ^ as specials chars. Rest numbers and letters (mixed case)
I have the same issue on a SG250-26 with the firmware 22.214.171.124. After the update was finished, I switched the boot version with the new firmware, rebooted the device and I am unable to login. The password contains only alpha-numeric characters and an *
I saw a couple of what I believe that are related issues, after the firmware upgrade.
This is very annoying, because I personally don't have physical access to the switch. Also, the SG250 does not have CLI in order to reset the password, and you are only left with the option to reset the switch.
Maybe CISCO is trying now to force some users to buy more expensive devices.