Header Only - DO NOT REMOVE - Extreme Networks

SecureStack/G/D-Series cannot Enter/Load Account Password if it Begins with an Exclamation Point


Userlevel 3
Article ID: 12380

Products
SecureStack C3, C2, B3, B2, A2; all firmware
G-Series, all firmware
D-Series, all firmware

Changes
Changed the login password for a user account using the 'set password newuser' command, which then prompts the user for the password.
The prompt input accepts a password string begining with the exclamation point ("!") character.

For example:
C3(su)->set password newuser
Please enter new password: !password
Please re-enter new password: !password
Password Changed.
C3(su)->[/code]Saved the configuration locally ('show config outfile...'), and then reloaded it ('configure configs...')(5623).

Symptoms
Any password having a "!" as its first character does not load into the configuration.
During the reload process, receive an error message:
Error: Missing value for "password"

For example:
******* Starting New configuration *******
>> set ip address 10.26.155.14 mask 255.255.255.0 gateway 10.26.155.1
>> set switch member 1 12
>> set system login newuser read-write enable password
:638e6cca9a2e70c4720d4c5102237166680bf4be198c2d47db2d6260d54ec8754f4dd056:
Error: Missing value for "password"[/code]Cause
If the user were to try entering the 'set system login' command using such a password...
C3(su)->set system login newuser read-write enable password !password
Error: Missing value for "password"[/code]...it would be observed that, because a " !" sequence is interpreted as the beginning of a comment, the password as entered is unrecognizable as such. If the user still wants the system to accept the "!" character as part of the input, the entire password substring should be enclosed within double-quotes (e.g. set system login newuser read-write enable password "!password").
Note! C3/B3/G/D firmware 6.03.04.0004 release notes state, in the 'Firmware Changes and Enhancements' section:
12702 Resolved an issue with the "set system login" command where the CLI accepted a password preceded with an "!" but errored out when restoring it from a saved config. Previously restoring the password caused the following message, "Error: Missing value for "password"" and the user was unable to login.

In the case of the 'set password...' command, the command editor parses it before the user is asked to enter the password string, hence it accepts the "!" character without any error reported.

Solution
An upcoming firmware release will change the format of the 'set password...' command so that it is similar to the format of the 'set system login...' command. That is, it will convey all parameters in the initial command - where the editor can check them - rather than eliciting further user prompts. This makes such passwords less likely to be problematic after the fact.

Any desired use of the exclamation point as the first character of a password will still require the use of double-quotes as password delimiters, as will be verified by the command editor for both the 'set password...' and 'set system login...' commands.

Contact the GTAC for an update, as necessary.

0 replies

Be the first to reply!

Reply