09-10-2021 02:30 AM
Just a warning: if you have special characters in your password at the start and update to 2.5.8.12, you may not be able to log in.
Recommend you make another admin user and back up your config.
Should you be locked out, you have to reset login with cisco default, change password, swap firmware image to old 2.5.7.85, reboot, then load your config, log in, change your password, then swap firmware image to new 2.5.8.12, and you're up and running again.
09-10-2021 02:53 AM
- Useful but you also may want to specify the device/model which gave you this problem.
M.
09-10-2021 09:52 AM
SG350-10 10-Port Gigabit but guess other models will have the same problem
09-10-2021 10:30 AM - edited 09-10-2021 10:37 AM
Same problem with SG350-10MP.. This is a stupid bug and will catch anyone out who cares about security!
How to reset password: https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb4985-administrator-password-recovery-for-300-and-500-series-manag.html
10-01-2021 04:17 AM
Fully agree! This is not funny, whether or not it can be solved via password reset.
09-10-2021 11:08 AM
I did not experience this issue upgrading an SG350X-12PMV from v2.5.7.85 to v2.5.8.12. (Password 60+ characters/350+ bits/multi-case alphanumeric plus special characters.)
09-13-2021 02:13 AM
Hello,
You may need to log a case with the TAC so they can investigate and eventually file a bug. Following the standard process, this can be escalated and fixed with some of the next firmware releases.
Thanks,
Martin
10-11-2021 04:20 AM - edited 10-11-2021 04:36 AM
According to the release notes the password encryption changed between 2.5.5.47 and 2.5.7.85 but I had no problems with that release.
I have verified that the username line in my config file was the same in an externally backed up 2.5.7.85 config file as when I recovered it from 2.5.8.12 using the console cable.
My password I've now checked was/is exactly 20 characters long with just lowercase and uppercase alphanumerics (it had no special characters).
What is possible is between 2.5.5.47 and 2.5.7.85 my password age was not updated and between 2.5.7.85 and 2.5.8.12 it had erroneously expired.
Resetting it using a console cable to exactly the same password as before works fine.. of course the line now looks different due to a different password age (presumably the date the password was set is stored in there) and salt ("In current release user credentials are salted and hashed using PBKDF2 based on HMAC-SHA-512 hash").
So while I haven't changed the outcome, I can bring clarity that it's unlikely to be specific passwords or a config upgrade issue that is causing the issue, but rather password expiry.
In my 2.5.5.47 config I had no reference to ageing but in 2.5.7.85+ I have "passwords aging 0 ", I wonder if there's an expiry bug we will see in the default ageing period (potentially 180 days). I'll keep my console cable handy.
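The comparison described in the post above (the `username` line and the `passwords aging` setting across two config backups) can be scripted before and after an upgrade. This is an added example, not part of the original thread and not Cisco tooling; the sample configs are constructed, and the `username <name> password encrypted <hash> privilege 15` line shape and hash placeholders are assumptions. A differing line only means the stored value changed, which also happens when the same password is re-set with a new salt.

```python
import re

# Constructed sample backups. The username line shape is assumed and the
# hash values are placeholders, not real device output.
OLD_CFG = """\
hostname sw-lab
passwords aging 0
username admin password encrypted <hash-A> privilege 15
username backup password encrypted <hash-B> privilege 15
"""
NEW_CFG = """\
hostname sw-lab
username admin password encrypted <hash-C> privilege 15
username backup password encrypted <hash-B> privilege 15
"""

USER_RE = re.compile(r"^username\s+(\S+)\s+(.*)$")
AGING_RE = re.compile(r"^passwords\s+aging\s+(\d+)$")

def login_settings(config_text):
    """Return ({username: rest of its line}, aging days or None if not set)."""
    users, aging = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()  # tolerates trailing spaces such as "passwords aging 0 "
        m = USER_RE.match(line)
        if m:
            users[m.group(1)] = m.group(2)
            continue
        m = AGING_RE.match(line)
        if m:
            aging = int(m.group(1))
    return users, aging

def compare_backups(old_text, new_text):
    """List differences in login-related settings between two backups."""
    old_users, old_aging = login_settings(old_text)
    new_users, new_aging = login_settings(new_text)
    findings = []
    for name in sorted(set(old_users) | set(new_users)):
        if name not in new_users:
            findings.append(f"user {name}: missing in new backup")
        elif name not in old_users:
            findings.append(f"user {name}: only in new backup")
        elif old_users[name] != new_users[name]:
            findings.append(f"user {name}: credential line differs")
    if old_aging != new_aging:
        findings.append(f"passwords aging: {old_aging} -> {new_aging}")
    return findings

if __name__ == "__main__":
    for finding in compare_backups(OLD_CFG, NEW_CFG):
        print(finding)
```

An empty result means the login-related lines are byte-identical in both backups, which is the condition the post reports for its 2.5.7.85 and 2.5.8.12 configs.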
10-23-2021 11:59 AM
Same issue with SG250X and 2.5.8.12. Update completed, rebooted and now "invalid password". 16 length with only & and ^ as special chars. Rest numbers and letters (mixed case).
Another SG350X updated at the same time (same version number), with the same password complexity and length, has no issue. 16 length with only @ and ^ as special chars. Rest numbers and letters (mixed case).
12-21-2021 12:42 PM
I have the same issue on a SG250-26 with the firmware 2.5.8.15. After the update was finished, I switched the boot version with the new firmware, rebooted the device and I am unable to log in. The password contains only alpha-numeric characters and an *.
I saw a couple of what I believe are related issues after the firmware upgrade.
This is very annoying, because I personally don't have physical access to the switch. Also, the SG250 does not have CLI in order to reset the password, and you are only left with the option to reset the switch.
Maybe CISCO is trying now to force some users to buy more expensive devices.
07-08-2023 09:18 AM
Having this same exact problem right now. Though I updated the firmware quite some time ago. I've been able to log in and out with no problems for a long time.
Switches went offline due to a recent and prolonged power outage. Now I can no longer login to this specific switch with that specific FW.
I know that the config and password is good though because I can still contact the switch with a specific snmp string, and get specific outputs. Sadly it's RO access though.
In this case, it'd be really helpful if there were exploit code publicly available for the remote code execution vulnerability they announced last month. Hahah...
07-08-2023 10:18 AM
To clarify on how I know the config and therefore the password are "good", is that the password to login to the webgui and the specific snmp community string were set at the same time.
I'm no longer able to log in to the webgui because of an alleged invalid username/password. Yet, I'm able to connect via our specific snmp string.