USG 60 and ZyWALL 110 firmware 4.30 and 4.31 password must change; after change can not log in

Lucas_IT

Hi

We have a lot of customers with USG and ZyWALL's running. Now we have found a "bug" in the 4.30 and 4.31 firmware!!
When these firmware's are loaded the function "Password must change every 180 day's" is auto ON...
This is not so bad, but after we change the admin password and want to log in with the new admin password, is tell's us it is the wrong password

We have tried a lot of things: old password, default password, different browsers, reboot, connect with Terminal and tried to log in with old, new and default password, but no succes.

We had this now 2 times, with an USG60 and ZyWALL110, please investigate/help us with this, we have to reset the devices now..... 

CHS

Hi @Lucas_IT

I just changed the password few days ago, and seems without this kind of issue.

Did you forget the correct password? Or did your IP address has locked out by USG?

Zyxel_Stanley

Hi @Lucas_IT

Welcome to Zyxel community.

Is there any username with “admin” in prefix? Just like these name:

admin_amy

adminabc

admin123

ITB

Hi
I have exactly the same problem with an ZYWALL 110 and USG20W-VPN...
There are no username with "admin" in prefix

PaulSeeber

Hi there,
we have hundreds of USG's out there and had exactly the same problem with a handful of devices over the last weeks. There was no chance to log in after (forced) password change - we had to reset and rebuikd the devices :-(
Too bad... Would be nice if ZyXEL came with some explanation or solutions.

Zyxel_Stanley

Hi @ITB and @PaulSeeber

I will discussing this issue with you by private message.

Zyxel_Stanley

Hi @Luaks_IT, @ITB, @PaulSeeber

 You can follow these steps to backup device running config by serial connection:

1.      Reboot device

2.      Enter debug mode and type “atkz –b”

3.      Use “atgo” booting device

4.      Now device will reset system-default configuration and backup old startup-config.conf to “startup-config-back.conf”

5.      After device boot up, download “startup-config-back.conf” to replace admin’s password.

a.)Find out the below CLI(prefix with “username admin encrypted-password”) in “startup-config-back.conf”

username admin encrypted-password $4$encryptedpasswordencryptedpassword$ user-type admin

b.)Replace CLI to……

username admin password yournewpassword user-type admin

6.      Save and rename startup-config-back.conf, upload to device and apply it.

PaulSeeber

Hi Zyxel_Stanley,

we again had the same situation: admin-password was xxxxxxxxxxxxx$ and we where forced to change it and did so to xxxxxxxxxxxxx$$ or xxxxxxxxxxxxx$!. Maybe is it the password length or the special characters?! We noticed that changing it back to e.g. 1234 would not result to the same problem.

After again being locked out we tried your suggested steps and it worked like a charm! That's great - many thanks to you

Kind regards, Paul Seeber

Zyxel_Stanley

Hi @PaulSeeber

Really thanks for your remind of it.

The symptom has been confirmed and resolved. This issue will fixed in next firmware release.

Andrea

Same problem here on 2 usg60 and one usg40, the problem seems related to the forced change of password ending with special characters. I found out that i can login deleting the last 2 special characters of the newly changed password. Eg if the new password is abc123$! i can login with abc123
USG 60 with V4.31(AAKY.0) firmware.

Zyxel_Stanley

Hi @Andrea

Really thanks for your remind of it.

The symptom has been confirmed and resolved. This issue will fixed in next firmware release.