1.1.2 Ensure 'Enable Password' is set

Information

Sets the password for users accessing privileged EXEC mode when they run the enable command.

Rationale:

The default device configuration does not require any strong user authentication enabling unfettered access to an attacker that can reach the device. A user can enter the default password and just press the Enter key at the Password prompt to login to the device. Setting the enable password causes the device to enforce use of a strong password to access privileged EXEC mode. Using default or well-known passwords makes it easier for an attacker to gain entry to a device.

Solution

Run the following to set the enable password.

HOSTNAME(CONFIG)#ENABLE PASSWORD <_enable_password_> LEVEL <_privilege_level>_

The enable_password parameter should be the plain-text password used to log into the enable mode

If the privilege level is not configured, the default one is 15

See Also

https://workbench.cisecurity.org/files/1903

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-12, CSCv6|16.13, CSCv6|16.14, CSCv7|18.5

Plugin: Cisco

Control ID: 6e6ff91dd2d436e3286962823d6d9cfca1f3ecc954836d621aa8fc001cda2e9c