Cisco passwords recognise trailing white spaces

We got bitten by a curious side effect of a feature of Cisco IOS recently which I felt was worth sharing. According to the Cisco Secure Router website, when enabling passwords (and secret passwords) on Cisco equipment:

Leading spaces are ignored but trailing spaces are recognized

What was interesting to me was the latter part about trailing white spaces. It may or may not be a well known fact but it was certainly not known to us. Now, take the following Cisco IOS command:

# enable secret NewPass9 ?

The inclusion of the question mark above allows you to take a look at any remaining parameters for the command you are entering, and it is very common to do this when you are new to Cisco systems. Now, consider that there are in fact no additional parameters for the enable secret command, so you go ahead and recall the above command, delete the question mark (i.e. press the backspace key once) and press Enter to commit the new password.

# enable secret NewPass9

Without realising it, you have now actually included a single space character in at the end of your password. Be careful out there!

Leave a Reply