1.1.4 Ensure 'Password Recovery' is disabled

Information

Disables the password recovery

Rationale:

Disabling the password recovery is an additional physical control. It will prevent an attacker that will have circumvented all the physical safeguards and being in contact with the security appliance to change the existing login password, enable password and local user password and then hack the system.

Solution

Run the following to disable the password recovery:

hostname (config)# no service password-recovery

Default Value:

The password recovery is enabled by default

See Also

https://workbench.cisecurity.org/benchmarks/7194

Item Details

Category: CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CP-6, 800-53|CP-6(1), 800-53|CP-9, 800-53|SC-28, CSCv7|5.1

Plugin: Cisco

Control ID: d633f81bb541403c9898ba23479620232a022c11bc8b8d9f365d76886707ed20