Cisco Bug: CSCuj84492 - etc/passwd contains poorly encrypted administrator passwords
Mar 03, 2018
- Cisco Unified Computing System
Known Affected Releases
1.4(0.14) 1.5(1f) 2.4(100.1)T
Symptom: After uprading to 2.0.1 or 2.0.1a, users have the ability to do a one-time migration to a better encryption scheme to store their passwords. As documented, after running the enable-secure-pw command from scope cimc, all the users that were created/modified in the previous releases are lost and default admin user's password gets reset to password. Any users you create are now protected with this envelope of industry standard security. As an unintended consequence of this migration though, ipmitool will be unable to understand the credentials stored in the new format, to access the Cisco IMC. The only credentials that you can use to run any ipmitool commands or queries will be with ''admin'' username and ''password'' as the password. ipmitool will not be able to recognise the users you create/modify, if you have migrated to secure password storage. We are working on fixing this ASAP. Conditions: This issue arises IF and ONLY IF you ran the ''enable-secure-pw'' command from inside scope cimc in releases 2.0.1 or 2.0.1a as an undesired side effect of the migration to the secure password storage. If you have not yet taken this action, we advise you refrain from executing this command. If you have, please refer to the workaround. listed in this CDETS. We are working to remove this side effect at the earliest without compromising on security.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases