USG 60 and ZyWALL 110 firmware 4.30 and 4.31 password must change; after change can not log in

24

All Replies

  • ScrambledEggs
    ScrambledEggs Posts: 1
    First Comment
    edited October 2018
    Easiest solution (FW is malfunctioning and version 4.30 AAPH0 installed, 4.31 solves this bug!)

    NO NEED TO BACKUP AND RESTORE THE SYSTEM CONFIG NOR TO RESET IT TO STANDARD SETTINGS.

    Connect using Serial Cable.
    Login to CLI.
    "configure terminal" to activate the config mode
    "no pwd-expiry force-to-change-pwd activate" to DEactivate this problem causing feature
    "write" to write the config.
    "exit" to logout.
    "shutdown" to halt the system and restart it with the new setting active.
    Log in to web console.
    Change the password.
    Install the FW-Update 4.31.
    Log in to CLI
    "configure terminal" to activate the config mode
    "pwd-expiry force-to-change-pwd activate" to activate this feature again.
    "write" to write the config.

    That's it, enjoy :) !

    Instead of deactivating the force-to-change-pwd you can simply add a new admin-user to temporarely log in.
    username [username] password [password] user-type admin


  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited October 2018
     
    If the password is expired, user is not able to login to the device and use the CLI you mentioned.
    That's why we offer the SOP to back up the configuration file. 
    If you meet the same issue because the password is expired, follow the FAQ to recover the configuration and set a new password.

    Then upgrade to the next firmware release 4.33 to avoid the password issue in the future.
  • Good morning, I have the same problem the system asked me to change the password the 21/12/2018, the new one I added the $ symbol. from that moment I can no longer enter

    I find it absurd that there is no password recovery system.
    Now we are forced to reset the system with serious repercussions on our customers.

    I am really disappointed by this policy not of Zyxel that obliges the exchange of the password

    I believe that programmers should check whether by entering a password with a symbol and specifically the $ is not correctly interpreted by the firewall.

    USG310

    Greetings
    RM

    google translate
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @RMsistemi,

     

    If you meet the same issue because the password is expired, follow the FAQ to recover the configuration and set a new password.

    FAQ:

    How to backup running configuration if forgot password?

    Then upgrade to the next firmware release 4.33 to avoid the password issue in the future.

    The firmware 4.33 will be released in Jan. 2019.


  • PiGi
    PiGi Posts: 1
    First Anniversary First Comment
    Hi, someone know the hash method used to encrypt password in the config file ?
    $4$ could be sha1, but the lenght is not correct.


  • mbuehler
    mbuehler Posts: 1
    Friend Collector First Comment

    Hi @Lucas_IT

    Welcome to Zyxel community. :)

    Is there any username with “admin” in prefix? Just like these name:

    admin_amy

    adminabc

    admin123

    Hi @Zyxel_Stanley - I have exactly this issue and user name is "admin". Any other solution than resetting and restore config?

    PS: Don't need to mention that this absolutely unacceptable for a product like this - for me a reason to never buy Zyxel again...

    Br Markus
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    @mbuehler

    This kind of issue does not exist in the current formal released firmware version (4.33), we had fixed it. 

    If you meet the same issue(cannot login) because the password is expired, have to follow the FAQ to recover the configuration and set a new password.

  • Just ran into this issue. This is totally unacceptable. Forcing me to change a password is one (annoying) thing, but having a bug in a login module is totally not cool.

    I'm using a password with more than 1 $ in it. No combination of leaving one or more out seems to work. Any ideas on other characters to strip???

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited August 2019

    Hi @CentioRS


    You can follow the link below to recovery password first.

    This issue was fixed in the current release and I’ll send the firmware to you via private message.

     

    How to backup running configuration if forgot password?

    https://businessforum.zyxel.com/discussion/1558/how-to-backup-running-configuration-if-forgot-password

     

  • I know of these instructions. No problem there.

    What I really am asking is to tell me/us what goes wrong with the password. So I can reconstruct the correct password from the one I have. Saves me a trip to the affected customers and the downtime.

Security Highlight