Cisco ASA password protection

I just had a security audit, and the auditor just told me that our firewall had default passwords. I just looked at our configuration and did not find any. I am not a Cisco expert or even good at Cisco programming by any means so maybe I can get some help.

Here are the lines that I see regarding passwords:

enable password ******************* level 12 encrypted
enable password ******************* encrypted

passwd ********************* encrypted

username **** password ************************ encrypted privilege 15
username *********** password ***************** encrypted privilege 15
username ************ password ***************** encrypted



username *********** password ****************** encrypted
username *********** password *************** encrypted privilege 15


All of the usernames are custom. I have tried to log into it using cisco/cisco as the un/pw and it is denied.  Is there something that I am missing?
ryan80 Asked:
lkraven Commented:
Try logging in with a non privileged user and try "enable".  If the enable password is "cisco", there is your culprit, and it is likely to be the line:

enable password ***** encrypted
 
ryan80 Author Commented:
OK, however I don't see any non-privileged users that would have a default user name. I don't know how they would get in even as a non-privileged user.

Thanks, I will check that enable password.
 
lkraven Commented:
Your console connection may not be protected, so anyone could plug a cable into the back of your firewall and get to your configuration.  That may be what the auditor is concerned about.
 
ryan80 Author Commented:
I checked and the enable password is not the default one.  What password does this line refer to?

passwd ********************* encrypted



Also the console connection is not protected to get into non-privileged mode, but it is in a protected room, and the evaluation was through a scan box, so I doubt that is the issue.  I don't see anything, unless he is talking about being able to access it through telnet from the inside, so it would be possible to intercept the password if you were able to capture traffic inside the network.

Any other ideas?
 
lkraven Commented:
passwd *** encrypted is your telnet password when you connect

I don't see what kind of authentication you are using, so I don't know if it's asking you for a username and password first or just the telnet password.
 
ryan80 Author Commented:
I checked on the telnet. It needs both a username and password and they are not set to default.  I will just wait until I see what the auditor says is actually wrong. While I don't think that the firewall is set up with best practices, I don't see any default passwords.
Question has a verified solution.
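
An added example, not part of the thread and not a Cisco tool: a small Python check that runs over a saved running-config and flags the items discussed above (default enable/passwd values, telnet management, telnet or console logins without AAA). The two hash constants are the widely published factory-default values from older PIX/ASA configurations; they, the function name and the sample config are assumptions of this example.

```python
import re

# Widely published factory-default hashes from older PIX/ASA configs
# (assumption: confirm against the documentation for your software version).
DEFAULT_HASHES = {
    "8Ry2YjIyt7RRXU24": "blank password",
    "2KFQnbNIdI.2KYOU": "cisco",
}

def audit_asa_config(text):
    """Return (severity, message) findings for an ASA running-config."""
    findings = []
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    # Access methods that require per-user AAA, e.g. {"ssh", "serial"}
    aaa = {m.group(1) for l in lines
           if (m := re.match(r"aaa authentication (\S+) console \S+", l))}
    # "telnet <net> <mask> <if>" enables telnet; "telnet timeout N" does not
    telnet_on = any(re.match(r"telnet (?!timeout\b)\S+", l) for l in lines)
    for l in lines:
        m = re.match(r"(enable password|passwd) (\S+) encrypted", l)
        if m and m.group(2) in DEFAULT_HASHES:
            findings.append(("HIGH", f"'{m.group(1)}' is the factory default "
                                     f"({DEFAULT_HASHES[m.group(2)]})"))
    if telnet_on:
        findings.append(("MEDIUM", "telnet management enabled; "
                                   "credentials cross the network in clear text"))
        if "telnet" not in aaa:
            findings.append(("HIGH", "telnet login relies only on the shared "
                                     "'passwd' line (no per-user AAA)"))
    if "serial" not in aaa:
        findings.append(("MEDIUM", "serial console has no AAA authentication"))
    return findings

# Constructed sample config for illustration only
SAMPLE = """
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
username admin password EXAMPLEHASH0000 encrypted privilege 15
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
aaa authentication ssh console LOCAL
"""

if __name__ == "__main__":
    for severity, message in audit_asa_config(SAMPLE):
        print(f"[{severity}] {message}")
```

Username password hashes are not compared here because they differ per username, so a fixed lookup of default values does not apply to them.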
