Hi

Timothy Quinn · ‎03-14-2016

I have discovered a bug in on my IOS router when I use Cisco Configuration Professional to add / edit users. I don't have physical access to the server so I prefer to use CCP as I can take a slow and steady approach. I'm not sure if this bug is in IOS or in CCP.

The issue I have discovered is when I use long passwords, IOS will ignore a new account creation or even worse delete an existing user. It took a long time to figure this out as I like to use long and strong passwords. In CCP, it appears to the user like the new user creation / edit was a success and the commands delivered but when I save the configuration to a file and view it externally, the created/edited account is gone; If the account already existed, its deleted silently! There is no warning from the GUI besides the canned warning about level 15 accounts being changed while logged in.

I have narrowed the bug to password length where it fails when passwords are greater than 25 characters and It does not matter what characters are entered.

Any suggestions on how to report this and possibly get it resolved. This type of silent bug is not only counter intuitive but a great eater of time and quite dangerous.

Mark Malone · ‎03-15-2016

Hi

That maybe a limitation of IOS some are restricted in password length , its 64 on newer IOS versions 15 , what model ios version are you trying to set this on ?

have you tried first to set the minimum / maximum password length

security passwords min-length ---max-length

to report it you need to go through TAC if your sure its a bug they will raise with DE/BU to fix but the likes of me3400s and other routers only support max 1-25 characters in secret passwords by default so it may not be a bug

IOS router fails silently with passwords greater than 25 characters