USG 60 and ZyWALL 110 firmware 4.30 and 4.31 password must change; after change can not log in

Lucas_IT
Lucas_IT Posts: 1  Freshman Member
Fifth Anniversary
edited April 2021 in Security
Hi

We have a lot of customers with USG and ZyWALL's running. Now we have found a "bug" in the 4.30 and 4.31 firmware!!
When these firmware's are loaded the function "Password must change every 180 day's" is auto ON...
This is not so bad, but after we change the admin password and want to log in with the new admin password, is tell's us it is the wrong password :(

We have tried a lot of things: old password, default password, different browsers, reboot, connect with Terminal and tried to log in with old, new and default password, but no succes.

We had this now 2 times, with an USG60 and ZyWALL110, please investigate/help us with this, we have to reset the devices now..... 
«134

All Replies

  • CHS
    CHS Posts: 181  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    edited July 2018

    Hi @Lucas_IT

    I just changed the password few days ago, and seems without this kind of issue. B)

    Did you forget the correct password? Or did your IP address has locked out by USG?

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @Lucas_IT

    Welcome to Zyxel community. :)

    Is there any username with “admin” in prefix? Just like these name:

    admin_amy

    adminabc

    admin123

  • ITB
    ITB Posts: 1  Freshman Member
    First Comment
    edited July 2018
    Hi
    I have exactly the same problem with an ZYWALL 110 and USG20W-VPN...
    There are no username with "admin" in prefix
  • PaulSeeber
    PaulSeeber Posts: 2  Freshman Member
    First Comment Fifth Anniversary
    Hi there,
    we have hundreds of USG's out there and had exactly the same problem with a handful of devices over the last weeks. There was no chance to log in after (forced) password change - we had to reset and rebuikd the devices :-(
    Too bad... Would be nice if ZyXEL came with some explanation or solutions.

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Hi @ITB and @PaulSeeber

    I will discussing this issue with you by private message.
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @Luaks_IT, @ITB, @PaulSeeber

     You can follow these steps to backup device running config by serial connection:

    1.      Reboot device

    2.      Enter debug mode and type “atkz –b”

    3.      Use “atgo” booting device


    4.      Now device will reset system-default configuration and backup old startup-config.conf to “startup-config-back.conf”


    5.      After device boot up, download “startup-config-back.conf” to replace admin’s password.

    a.)Find out the below CLI(prefix with “username admin encrypted-password”) in “startup-config-back.conf”

    username admin encrypted-password $4$encryptedpasswordencryptedpassword$ user-type admin

    b.)Replace CLI to……

    username admin password yournewpassword user-type admin


    6.      Save and rename startup-config-back.conf, upload to device and apply it.

  • PaulSeeber
    PaulSeeber Posts: 2  Freshman Member
    First Comment Fifth Anniversary

    Hi Zyxel_Stanley,

    we again had the same situation: admin-password was xxxxxxxxxxxxx$ and we where forced to change it and did so to xxxxxxxxxxxxx$$ or xxxxxxxxxxxxx$!. Maybe is it the password length or the special characters?! We noticed that changing it back to e.g. 1234 would not result to the same problem.

    After again being locked out we tried your suggested steps and it worked like a charm! That's great - many thanks to you

    Kind regards, Paul Seeber


  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Really thanks for your remind of it.
    The symptom has been confirmed and resolved. This issue will fixed in next firmware release.
  • Andrea
    Andrea Posts: 1  Freshman Member
    First Comment
    Same problem here on 2 usg60 and one usg40, the problem seems related to the forced change of password ending with special characters. I found out that i can login deleting the last 2 special characters of the newly changed password. Eg if the new password is abc123$! i can login with abc123
    USG 60 with V4.31(AAKY.0) firmware.
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Hi @Andrea
    Really thanks for your remind of it.
    The symptom has been confirmed and resolved. This issue will fixed in next firmware release.

Security Highlight