What is the purpose of Enable Password?

Hi,

I have been trying to find the answer for this question :

What is the purpose of Enable Password if we already configured
Enable Secret? Why do we need to put both of this in our command?

Note : Enable password is a clear text password to be able to access to privillage mode but if you put Enable secret (using hashing method to encrypt) is will basicly overide your Enable password. So you have both of this passwords set and when you need to go to privillage mode you will be using Enable secret.

Hope someone can explain to me.

Thanx

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

agustinchernitsky

From what I read... is for compatibility for older IOS. Don't know why we have to use it, but, to be safe, you should... and should encrypt it too.

hix18

Ohh.. You mean that the old IOS does not support Enable Secret...
Do you know which IOS version?

thanx man

darkuser

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00801d7efa.shtml#topic2

hix18

Yup....you have solve my question

Thanx man....

agustinchernitsky

Acording to Sybex CCNA guide:

Password: Sets the enable password on older, pre-10.3 systems, and isn’t ever used if an enable secret is set.
Secret: Is the newer, encrypted password that overrides the enable password if it’s set.

It also recommends to encrypt the enable password and all user mode passwords:

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#service password-encryption
Router(config)#^Z
Router#sh run
Building configuration...
Router#config t
Router(config)#no service password-encryption
Router(config)#^Z

forbesl

agustinchernitsky wrote:

It also recommends to encrypt the enable password and all user mode passwords:

While it is good practice to encrypt all of your passwords, you need to know that (with the exception of the enable secret password) all passwords you encrypt using "service password-encryption" are easily cracked. The enable secret is the only password that uses an MD5 hash.

darkuser

if i run setup and am forced to set an enable pass,
i usually set it to cisco and then immediately
no enable pass ...... when i"m done with setup.

hix18

I also found out that the purpose for us to configure the both Enable
password and Enable secret is because of security.

Imagine you only configure Enable secret and someone downgrade ur IOS then you will not be able to login to your saved configuration.
So that why it wise to configure both Enable password and Enable secret.

Correct me if I'm wrong here....

wildfire

Imagine you only configure Enable secret and someone downgrade ur IOS then you will not be able to login to your saved configuration.
So that why it wise to configure both Enable password and Enable secret.

Nice try, but if someone can get it to downgrade the ios then either A. They already know the enable secret, or B. They are at the router and have done the password recovery procedure and have access anyway.

The setup script has hardly changed between IOS's, If you dont use the setup script then its not a requirement to use the normal enable.