cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
205
Views
0
Helpful
0
Replies

Password Setting Updates in Cisco Business Switches Firmware 3.2

CoreyP319
Cisco Employee
Cisco Employee

Heads up CBS250 & CBS350 users, the upcoming firmware update version 3.2 will contains updates to the password requirements. An article will be linked once published. Below is a snippet from that article highlighting the mandatory changes. 

 

These will apply to all new user accounts and any password changes made to existing user accounts.

  • New Rules cannot be disabled.

  • It will verify that the password is not from a list of known common passwords. This common password list was compiled by choosing the 10,000 most used passwords from a list of the 10,000,000 most common passwords. This list can be found on the github link.

  • No variations of the common passwords using upper/lower case or using the following character substitutions:

     

    "$" for "s", "@" for "a", "0" for "o", "1" for "l", "!" for "i", "3" for "e“

  • It will block passwords that include more than two sequential characters in a row (again looking for common substitutions and case). For example, if a password contains abc, it will be blocked as it has three sequential letters. So would @bc since there is the common substitution of the @ symbol for a. Similarly, cba will be blocked as it is sequential in reverse order. Other examples include “efg123!$”, “abcd765%”, “kji!$378”, "qr$58!230".

  • New password must not contain the username. For example, no “Admin548” for user admin.

  • New password must not contain the manufacturer name. For example, no C!sc0IsCool.

  • New password must not contain the product name. For example, no CBSCo0l$witch

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers