1.4.3 Set 'username secret' for all local users

Information

Use the username secret command to configure a username and MD5-encrypted user password. MD5 encryption is a strong encryption method that is not retrievable; thus, you cannot use MD5 encryption with protocols that require clear-text passwords, such as Challenge Handshake Authentication Protocol (CHAP).
The username secret command provides an additional layer of security over the username password. It also provides better security by encrypting the password using non reversible MD5 encryption and storing the encrypted text. The added layer of MD5 encryption is useful in environments in which the password crosses the network or is stored on a TFTP server.

Solution

Create a local user with an encrypted, complex (not easily guessed) password.
hostname(config)#username <LOCAL_USERNAME> secret <LOCAL_PASSWORD>

See Also

https://workbench.cisecurity.org/files/508

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|IA-5(1), 800-53|SC-28, 800-53|SC-28(1), CSCv7|16.4

Plugin: Cisco

Control ID: d73379f3204f843064d996177a9a4a1c507c1a34fb23c514cc0ea4f969dd5c7f