1.2.1 Set 'privilege 1' for local users - 'All users have encrypted passwords'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Sets the privilege level for the user.


Default device configuration does not require strong user authentication potentially enabling unfettered access to an attacker that is able to reach the device. Creating a local account with privilege level 1 permissions only allows the local user to access the device with EXEC-level permissions and will be unable to modify the device without using the enable password. In addition, require the use of an encrypted password as well (see Section - Require Encrypted User Passwords).


Organizations should create policies requiring all local accounts with 'privilege level 1' with encrypted passwords to reduce the risk of unauthorized access. Default configuration settings do not provide strong user authentication to the device.


Set the local user to privilege level 1.

hostname(config)#username <LOCAL_USERNAME> privilege 1

See Also