COMMAND
password forgetting...
SYSTEMS AFFECTED
CISCO (LocalDirector 1.6.3)
PROBLEM
At least three customers have reported losing their enable
passwords upon upgrading to version 1.6.3 of Cisco's LocalDirector
product. Affected systems allow users to enter privileged mode
without providing the correct enable password; any string will
suffice as a password. This applies only to the privileged-mode
enable password; the Telnet access password does not appear to be
affected. The reported behavior was total loss of the configured
enable password; the systems in question were simply left without
enable passwords.
CISCO came up with two scenarios in which a LocalDirector might
end up without an enable password when a user thought that it
should have such a password. The first possibility is that the
user confuses the password command, which sets the password for
remote access, with the enable password command, which sets the
password for administrative access. If this happened, there would
be no enable password, but the user might think one had been set.
The second scenario is particularly plausible in an upgrade. If a
user saved the configuration from a running LocalDirector by
saving the output of show config, and then erased the
LocalDirector's configuration memory, upgraded the software, and
pasted the saved configuration back into the system, the passwords
would be lost. This is because show config does not display any
password-related information.
Because a LocalDirector with no enable password set will accept
any string, either of these mistakes might easily go unnoticed for
a very long time. If a LocalDirector has no enable password, then
any person who can log into the system via Telnet or over its
console port can reconfigure or shut down the LocalDirector. At this
point this appears NOT to be a software bug, but user error.
SOLUTION
Testing from the console and from a Telnet session shows that an
enable password which is properly set and written to memory appears
secure. Regardless, you probably shouldn't let people you don't trust
with your equipment onto it in any way. Cisco in their advisory
discourages the use of other 1.6.x versions because of possible
software instability. Cisco recommends that customers take the
following steps:
1. Check to make sure that enable passwords are being enforced
by all LocalDirectors. If you find that a LocalDirector is
not enforcing its enable password, changing the password
using the enable password configuration command should
reactivate the password. Remember to save the new password
using the write memory command. Recheck password
enforcement after any software upgrade or downgrade.
If you are certain that a formerly working enable password
has been lost by the software, please contact Cisco via
e-mail to security-alert@cisco.com.
2. Make sure that you have configured a Telnet access password
for your LocalDirector using the password configuration
command. If you're not sure of the secrecy of your Telnet
password, consider changing it. Do not give untrustworthy
persons Telnet access to your LocalDirector.
3. Consider using firewalling devices to block Telnet access
from untrusted hosts, and/or restricting access from remote
hosts using the address-and-mask feature of the
LocalDirector telnet configuration command. If you have a
dial-in modem connected to your LocalDirector's console
port, or if you have the console port connected to a
network device that allows remote access, protect the
console using the authentication features of the modem or
network device to which it is connected.
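The second scenario above (a "show config" dump pasted back after an upgrade, with the password lines silently missing) can be caught before the paste with a simple pre-check. The following is an added example, not code from Cisco or from the advisory; it assumes the config dump uses one-command-per-line syntax of the form "enable password <str>", "password <str>" and "telnet <address> <mask>", which is an assumption based only on the command names this advisory mentions.

```python
import re
from typing import Dict, List

# Constructed sample of what a saved "show config" dump might look like
# after the upgrade-and-paste scenario: no password lines at all, as the
# advisory says show config omits password-related information. The line
# syntax is assumed for illustration, not verified LocalDirector output.
SAVED_CONFIG = """\
hostname ld-front
interface ethernet 0 auto
ip address 192.0.2.10 255.255.255.0
telnet 192.0.2.0 255.255.255.0
virtual 192.0.2.100:80 is
real 10.0.0.11:80 is
"""

# Each item the pasted config must contain, with the pattern one matching
# line must satisfy. Patterns are anchored at line start so that
# "enable password ..." is never mistaken for the Telnet "password ..." line.
REQUIRED: Dict[str, re.Pattern] = {
    "enable password": re.compile(r"^\s*enable\s+password\s+\S+"),
    "telnet access password": re.compile(r"^\s*password\s+\S+"),
    "telnet address/mask restriction": re.compile(
        r"^\s*telnet\s+\d+\.\d+\.\d+\.\d+\s+\d+\.\d+\.\d+\.\d+"
    ),
}


def audit_config(text: str) -> List[str]:
    """Return the names of REQUIRED items that no line of the dump satisfies."""
    lines = text.splitlines()
    return [
        name
        for name, pattern in REQUIRED.items()
        if not any(pattern.match(line) for line in lines)
    ]


def safe_to_paste(text: str) -> bool:
    """True only when every required password/restriction line is present."""
    return not audit_config(text)


if __name__ == "__main__":
    for item in audit_config(SAVED_CONFIG):
        print(f"MISSING: {item} -- re-enter it and 'write memory' after pasting")
```

Run it against the saved dump before pasting; anything it reports as missing must be re-entered by hand and then saved with write memory, and enforcement rechecked as step 1 describes.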