cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4444
Views
0
Helpful
13
Replies

Password reset after upgrade to mcu v4.4_3.42

gfolens
Level 4
Level 4

Apparently the password of the admin account is reset to default = empty after upgrading the MCU from v4.3 to v4.4_3.42.

This behaviour is not documented in the release notes.

For me this is a security issue.

13 Replies 13

Patrick Sparkman
VIP Alumni
VIP Alumni

Admin password stayed for me.  However I did rename the admin user itself to something else than default though,

crisalex
Cisco Employee
Cisco Employee

Hi,

This should not happen under normal circumstances and I am also not aware of any bug opened for this issue.

Can you replicate this issue and raise a TAC case for it if the issue still persist? If this is the case I would recommend sending to us the confrguration.xml file so we can replicate the issue and the exact sw versions that you are using,

Regards

Cristian

Jason Neurohr
Level 1
Level 1

I had this happen on two seperate MCU's, however both were running with the factory default username/password combo. After the upgrade they were both changed to blank, I haven't attempted to reproduce it if the admin password has been altered from the factory default before doing the upgrade.

I could reproduce this problem on a 4501 MCU. After upgrade the password was reset to default = empty...

Unfortunately I do not have time to open a TAC case for this.

Is there a way to open a security advisory with TAC case?

rgds, Geert Folens

HI,

     In order for to be able to reproduce it can you please let me know the previous sw version that you were using_ we can give it a try in our lab.

     Also can you send me the configuration file ? ( you can send this to crisalex@cisco.com

Regards

Cristian

The MCU was runing: codian_mcu4500_4.3_2.18 before the upgrade.

Thanks Gert,

      Not able to replicate this so far ( I have tried it on an 4505 unit ( I do not have an 4501 unit available but it's very unlikely this to be a hardware related issue )

Can you please send me your config file ? ( use crisalex@cisco.com)

PS : do you use any special characters in the password that I should be aware of ?

Regards

HI Gert,

I would be very much intrested to replicate this issue.

Kindly asked if possible to send me your config file

Regards

Hi,

I have also observed this, the workaround i used was backup config>>upgrade>>Reload config.

Hope this helps

Jamie

Would you be happy to send me your config file before the upgrade? My email is katcurri@cisco.com .

We haven't managed to produce the exact issue you describe.

Thanks,

Katrina

We have openede CSCue55386 for this issue

Regards ,

Cristian

Just wanted to say we upgraded some 45xx, 8420, 8510 from 4.3 to 4.4 without any issues,

containing only the ascii charset as passwords.

Would be interesting to know which MCUs and which kind of passwords were used when it failed.

Please remember to rate helpful responses and identify

The bug that Cristian mentioned is now customer viewable and available on the bug toolkit, you can find it at CSCue55386

Hopefully this will help everyone with this issue.

Regards,

Katrina