1.1.1 Ensure 'Logon Password' is set

Information

Changes the default login password.

Rationale:

The login password is used for Telnet and SSH connections. The default device configuration does not require any strong user authentication enabling unfettered access to an attacker that can reach the device. A user can enter the default password and just press the Enter key at the Password prompt to login to the device. Setting the login password causes the device to enforce use of a strong password to access user mode. Using default or well-known passwords makes it easier for an attacker to gain entry to a device.

Solution

Run the following to set the login password.

hostname(config)#passwd <login_password>

The login_password parameter should be the plain-text password used to log into the system

Default Value:

The default password is 'cisco'.

8.4(2)

The SSH default username is no longer supported; you can no longer connect to the ASA using SSH with the pix or asa username and the login password.

9.0(2), 9.1(2)

The default password, 'cisco,' has been removed; you must actively set a login password. Using the no passwd or clear configure passwd command removes the password; formerly, it reset it to the default of 'cisco.'

See Also

https://workbench.cisecurity.org/files/3246

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, CSCv6|16.13, CSCv6|16.14, CSCv7|4.2

Plugin: Cisco

Control ID: b92a8680d90235d7d529c5d97de9503fb2304a4fe7a44db164c05615dce0c48b