Guest

Cisco 800 Series Routers

Field Notice: *Expired* FN - 20833 - Extra Usernames and Passwords in Config after Using CRWS


Revised June 4, 2008
September 26, 2002


NOTICE:

THIS FIELD NOTICE HAS BEEN EXPIRED AND IS NO LONGER MAINTAINED OR UPDATED BY CISCO.

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE, WARRANTY OR SUPPORT. USE OF THE INFORMATION ON THIS FIELD NOTICE OR MATERIALS LINKED FROM THIS FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Products Affected

  • Cisco 806

  • Cisco 826

  • Cisco 827

  • Cisco 827-4V

  • Cisco 827H

  • Cisco 828

  • Cisco SOHO 71

  • Cisco SOHO 76

  • Cisco SOHO 77

  • Cisco SOHO 77H

  • Cisco SOHO 78

Problem Description

Multiple usernames and passwords may appear in the router configuration when the Cisco Router Web Setup (CRWS) application is closed from the Windows close button (the X button in the top right corner) instead of by using the close link provided in CRWS. This problem can also be caused when the connection from the PC running CRWS to the router is severed.

Background

The normal operation of CRWS is to create a telnet account (username and password) which is then used to make specified configuration changes. When CRWS is properly exited, this telnet account is closed and the username and password are deleted. If a user aborts the CRWS application by closing the window or by disconnecting the PC from the router instead of correctly closing the application, CRWS may not be able to delete this username and password and they will appear in the router configuration. Multiple occasions of stopping CRWS in this manner will result in multiple usernames and passwords in the configuration file.

Note: Randomized passwords are used each time CRWS creates a telnet account. The presence of these usernames and passwords does not pose any security risks, since each telnet account will have a unique password. These accounts will not work on other Cicso routers running CRWS.

Problem Symptoms

The symptom for this issue is that usernames and passwords will appear in the configuration file. An example is:

username Srini privilege 15 password 7
114D484120430D2D40257A2B1B162523425340535
A7B76796567
username Pgiri privilege 15 password 7
114D484120430D2D40257A2B1B162523425340535
2050D080403

Workaround/Solution

This is only a cosmetic issue and it poses no security risk. The extra usernames and passwords can be safely removed at any time.

No solution is required for this issue, however, it can be easily avoided if the following items are remembered.

  • Always close CRWS with the close button on the left side within the application.

  • Do not close the window on the PC while the CRWS application is still running.

  • Do not disconnect the PC from the router without first closing CRWS properly.

Future releases of CRWS will attempt to minimize the occurance of this issue, but it is impossible to address all situations. It has also been noted that this issue is more likely to occur when using Netscape than it is with Internet Explorer.

The CRWS telnet usernames/passwords are removed by issuing the command no username as shown in this example.

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no username srini

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.