Ethernet Switches & Routers

Reply
Brocadian
Posts: 3
Registered: ‎06-17-2016

Is enable super-user-password <> command mention password is encrypted or not

Hello,

 

Does "enable super-user-password <>" command mention password is encrypted or not?

If not then how we can encrypt it?

I have follwing devices with IOS

ICX7250 / ICX7450

SPR08030h.bin

 

Brocade Moderator
Posts: 201
Registered: ‎06-30-2010

Re: Is enable super-user-password <> command mention password is encrypted or not

Hi,

 

When password is stored in configuration this will be stored as all password are as encrypted and will not be shown in clear in the configuration

 

enable super-user-password .....

username fallback password .....

Hope this helps

 

Regards

Mick


If my response has solved your query please click the "Accept as Solution" button.

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.
Brocadian
Posts: 3
Registered: ‎06-17-2016

Re: Is enable super-user-password <> command mention password is encrypted or not

Thank you very much Mick for quick support.

 

But our customer facing problem with syslog server.

Problem staement as below :

Customer has syslog server.  While setting up super-user password it is being captured in syslog as clear text password, anybody having access syslog would have customer password. Hence they want it should not seen as clear text e.g.

 

Log captured in syslog -

10.19.44.65

patelk20

[ CmdAV=enable super-user-password A1ph@b#ta <cr> ]

Expected log format -

10.19.44.65

patelk20

[ CmdAV=enable super-user-password 587491749657205720572073037-4!!!$$%&###&*#!!!@23323 <cr> ] - Unreadable format passowrd

 

Does do we have any solution to this issue? or How we can resolve this case

Brocade Moderator
Posts: 201
Registered: ‎06-30-2010

Re: Is enable super-user-password <> command mention password is encrypted or not

Hi,

 

The output you have provided would seem to indicate that this device is configured for AAA (TACACS+ or RADIUS) and is also configured with AAA accounting for commands e.g.

 

aaa accounting commands 0 default start-stop tacacs+

 

This will mean that every command typed in device will be logged in AAA accounting log, including any commands which are typed which include passwords.  I presume the logs you have enclosed are from AAA accounting log, perhaps ACS?

 

So this would be expected behaviour

 

Regards

Mick


If my response has solved your query please click the "Accept as Solution" button.

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.