Cisco ASA password protection

Posted on 2009-04-28
Last Modified: 2012-05-06
I just had a security audit, and the auditor just told me that our firewall had default passwords. I just looked at our configuration and did not find any. I am not a Cisco expert or even good at Cisco programming by any means so maybe I can get some help.

Here are the lines that I see regarding passwords:

enable password ******************* level 12 encrypted
enable password ******************* encrypted

passwd ********************* encrypted

username **** password ************************ encrypted privilege 15
username *********** password ***************** encrypted privilege 15
username ************ password ***************** encrypted

username *********** password ****************** encrypted
username *********** password *************** encrypted privilege 15

All of the usernames are custom. I have tried to log into it using cisco/cisco as the un/pw and it is denied.  Is there something that I am missing?
Question by:ryan80

    Accepted Solution

    Try logging in with a non-privileged user and try "enable".  If the enable password is "cisco", there is your culprit, and it is likely to be the line:

    enable password ***** encrypted

    Author Comment

    OK, however I don't see any non-privileged users that would have a default user name. I don't know how they would get in even as a non-privileged user.

    Thanks, I will check that enable password.

    Expert Comment

    Your console connection may not be protected, so anyone could plug a cable into the back of your firewall and get to your configuration.  That may be what the auditor is concerned about.

    Author Comment

    I checked and the enable password is not the default one.  What password does this line refer to?

    passwd ********************* encrypted

    Also the console connection is not protected to get into non-privileged mode, but it is in a protected room, and the evaluation was through a scan box, so I doubt that is the issue.  I don't see anything, unless he is talking about being able to access it through telnet from the inside, so it would be possible to intercept the password if you were able to capture traffic inside the network.

    Any other ideas?

    Assisted Solution

    passwd *** encrypted is your telnet password when you connect.

    I don't see what kind of authentication you are using, so I don't know if it's asking you for a username and password first or just the telnet password.

    Author Closing Comment

    I checked on the telnet. It needs both a username and password and they are not set to default.  I will just wait until I see what the auditor says is actually wrong. While I don't think that the firewall is set up with best practices, I don't see any default passwords.
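The checks discussed in this thread (is the enable or telnet password a default, does telnet ask for a username, is the console protected) can be run against a saved configuration. The script below is an added example, not part of the original posts: `audit_asa_config` and the sample config are hypothetical, and the two hash strings are the values a stock PIX/ASA config shows for a blank enable password and the "cisco" telnet password, which applies only to the legacy unsalted `encrypted` format.

```python
import re

# Hashes a stock PIX/ASA config shows for the enable and telnet passwords.
# The legacy format is unsalted for these two lines, so the strings are the
# same on every device. Username hashes are salted and cannot be compared.
DEFAULT_HASHES = {
    "8Ry2YjIyt7RRXU24": "blank password",
    "2KFQnbNIdI.2KYOU": "password 'cisco'",
}

def audit_asa_config(text):
    """Return a list of findings for the credential lines of an ASA config."""
    findings, aaa, telnet_enabled = [], set(), False
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[:2] == ["enable", "password"]:
            kind, secret = "enable password", tok[2]
        elif len(tok) >= 2 and tok[0] == "passwd":
            kind, secret = "telnet passwd", tok[1]
        else:
            m = re.match(r"aaa authentication (\w+) console \S+", line.strip())
            if m:
                aaa.add(m.group(1))
            # "telnet <ip> <mask> <interface>" permits telnet; "telnet timeout N" does not
            elif tok[:1] == ["telnet"] and len(tok) == 4:
                telnet_enabled = True
            continue
        if secret in DEFAULT_HASHES:
            findings.append(f"{kind}: factory default ({DEFAULT_HASHES[secret]})")
    if telnet_enabled:
        findings.append("telnet: management allowed over cleartext telnet")
        if "telnet" not in aaa:
            findings.append("telnet: no AAA, login needs only the passwd line")
    if "serial" not in aaa:
        findings.append("console: no 'aaa authentication serial console' line")
    return findings

# Constructed sample config, not from the thread; PLACEHOLDER hashes are made up.
SAMPLE = """\
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd PLACEHOLDERHASH1 encrypted
username admin password PLACEHOLDERHASH2 encrypted privilege 15
aaa authentication ssh console LOCAL
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
"""

if __name__ == "__main__":
    print("\n".join(audit_asa_config(SAMPLE)))
```

Run it against the output of `show running-config` saved to a file; an empty result means none of these four conditions were found, not that the device has no other weaknesses.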
