| VID |
29146 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
CISCO |
| Detailed Description |
The CISCO IOS stores passwords without encryption. a network device stores passwords as plain text by default. So if a configuration file is leak, password information is also leak. So All passwords stored in the configuration file should be encrypted.
* Platforms Affected:
CISCO IOS |
| Recommendation |
Encrypt all the passowrds as follows :
Router# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# enable secret <PASSWORD>
Router(config)# service password-encryption
Router(config)# ^Z
Router# |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
