Revised June 4, 2008
September 26, 2002
NOTICE:
THIS FIELD NOTICE HAS BEEN EXPIRED AND IS NO LONGER MAINTAINED OR UPDATED BY CISCO.
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE, WARRANTY OR SUPPORT. USE OF THE INFORMATION ON THIS FIELD NOTICE OR MATERIALS LINKED FROM THIS FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Products Affected
-
Cisco 806
-
Cisco 826
-
Cisco 827
-
Cisco 827-4V
-
Cisco 827H
-
Cisco 828
-
Cisco SOHO 71
-
Cisco SOHO 76
-
Cisco SOHO 77
-
Cisco SOHO 77H
-
Cisco SOHO 78
Problem Description
Multiple usernames and passwords may appear in the router configuration when the Cisco Router Web Setup (CRWS) application is closed from the Windows close button (the X button in the top right corner) instead of by using the close link provided in CRWS. This problem can also be caused when the connection from the PC running CRWS to the router is severed.
Background
The normal operation of CRWS is to create a telnet account (username and password) which is then used to make specified configuration changes. When CRWS is properly exited, this telnet account is closed and the username and password are deleted. If a user aborts the CRWS application by closing the window or by disconnecting the PC from the router instead of correctly closing the application, CRWS may not be able to delete this username and password and they will appear in the router configuration. Multiple occasions of stopping CRWS in this manner will result in multiple usernames and passwords in the configuration file.
Note: Randomized passwords are used each time CRWS creates a telnet account. The presence of these usernames and passwords does not pose any security risks, since each telnet account will have a unique password. These accounts will not work on other Cicso routers running CRWS.
Problem Symptoms
The symptom for this issue is that usernames and passwords will appear in the configuration file. An example is:
username Srini privilege 15 password 7 114D484120430D2D40257A2B1B162523425340535 A7B76796567 username Pgiri privilege 15 password 7 114D484120430D2D40257A2B1B162523425340535 2050D080403
Workaround/Solution
This is only a cosmetic issue and it poses no security risk. The extra usernames and passwords can be safely removed at any time.
No solution is required for this issue, however, it can be easily avoided if the following items are remembered.
-
Always close CRWS with the close button on the left side within the application.
-
Do not close the window on the PC while the CRWS application is still running.
-
Do not disconnect the PC from the router without first closing CRWS properly.
Future releases of CRWS will attempt to minimize the occurance of this issue, but it is impossible to address all situations. It has also been noted that this issue is more likely to occur when using Netscape than it is with Internet Explorer.
The CRWS telnet usernames/passwords are removed by issuing the command no username as shown in this example.
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no username srini
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.