What is the purpose of Enable Password?

hix18hix18 Posts: 16Member ■□□□□□□□□□
Hi,

I have been trying to find the answer for this question :

What is the purpose of Enable Password if we already configured
Enable Secret? Why do we need to put both of this in our command?

Note : Enable password is a clear text password to be able to access to privillage mode but if you put Enable secret (using hashing method to encrypt) is will basicly overide your Enable password. So you have both of this passwords set and when you need to go to privillage mode you will be using Enable secret.

Hope someone can explain to me.

Thanx
Here to learn.....

Comments

  • agustinchernitskyagustinchernitsky Posts: 299Member
    From what I read... is for compatibility for older IOS. Don't know why we have to use it, but, to be safe, you should... and should encrypt it too.
  • hix18hix18 Posts: 16Member ■□□□□□□□□□
    Ohh.. You mean that the old IOS does not support Enable Secret...
    Do you know which IOS version?

    thanx man
    Here to learn.....
  • hix18hix18 Posts: 16Member ■□□□□□□□□□
    Yup....you have solve my question

    Thanx man....
    Here to learn.....
  • agustinchernitskyagustinchernitsky Posts: 299Member
    Acording to Sybex CCNA guide:
    Password: Sets the enable password on older, pre-10.3 systems, and isn’t ever used if an enable secret is set.
    Secret: Is the newer, encrypted password that overrides the enable password if it’s set.

    It also recommends to encrypt the enable password and all user mode passwords:
    Router#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#service password-encryption
    Router(config)#^Z
    Router#sh run
    Building configuration...
    Router#config t
    Router(config)#no service password-encryption
    Router(config)#^Z
    
  • forbeslforbesl Posts: 454Member

    It also recommends to encrypt the enable password and all user mode passwords:
    While it is good practice to encrypt all of your passwords, you need to know that (with the exception of the enable secret password) all passwords you encrypt using "service password-encryption" are easily cracked. The enable secret is the only password that uses an MD5 hash.
  • darkuserdarkuser Posts: 621Member
    if i run setup and am forced to set an enable pass,
    i usually set it to cisco and then immediately
    no enable pass ...... when i"m done with setup.
    rm -rf /
  • hix18hix18 Posts: 16Member ■□□□□□□□□□
    I also found out that the purpose for us to configure the both Enable
    password and Enable secret is because of security.

    Imagine you only configure Enable secret and someone downgrade ur IOS then you will not be able to login to your saved configuration.
    So that why it wise to configure both Enable password and Enable secret.

    Correct me if I'm wrong here....
    Here to learn.....
  • wildfirewildfire Posts: 654Member
    Imagine you only configure Enable secret and someone downgrade ur IOS then you will not be able to login to your saved configuration.
    So that why it wise to configure both Enable password and Enable secret.

    Nice try, but if someone can get it to downgrade the ios then either A. They already know the enable secret, or B. They are at the router and have done the password recovery procedure and have access anyway.

    The setup script has hardly changed between IOS's, If you dont use the setup script then its not a requirement to use the normal enable.
    Looking for CCIE lab study partnerts, in the UK or Online.
Sign In or Register to comment.