GS1920-24 - Encrypt switch-password in config backup file

Eric_
Eric_ Posts: 20  Freshman Member
edited April 27 in Switch-Ideas
The configuration-backupfile of a GS1920-24 with 4.50 (AAOB.2) installed, contains the switch-password in clear text. Please encrypt the password.

0
0 votes

Completed · Last Updated

Implement on 4.70 patch 2 firmware

Comments

  • Zyxel_Jonas
    Zyxel_Jonas Posts: 65  Zyxel Employee
    Hi @Eric_,

    Regarding this case, the design for the password is a clear text due to GS1920 series doesn't have a restore configuration button on the panel.
    Just in case a user forgotten the password, the user still could check the backup configuration file for the password.
    If the password is encrypted the only way to access the switch again is to send the device to the reseller and progress RMA process.

    But for the new generation of GS1920 v2 series, we will enhance the password to be encrypted.
    Because we already added a "Restore" button on the panel to restore the configuration back to default.

    Thanks for supporting Zyxel!
    Jonas
  • alehzn
    alehzn Posts: 30  Freshman Member

    Hi @Zyxel_Jonas

    as the password is still in cleartext within the backup file, I am wondering when this will be fixed?

    Problem is on GS1920-24Pv2 running the latest firmware.

    Thanks.

  • Zyxel小編 Lucious
    Zyxel小編 Lucious Posts: 273  Zyxel Employee

    Hi @alehzn


    We've already put resource for it.

    It's certain to have this enhancement in future release.

    The schedule is now open, we will keep update.


    Zyxel_Lucious

  • FrankLauer
    FrankLauer Posts: 33  Freshman Member
    Any news on that?

    In that time we are living now plain passwords in backup files really should be avoided.
  • Nebula_Jason
    Nebula_Jason Posts: 267  Zyxel Employee
    Hi @FrankLauer,

    The feature is in our road map and the release schedule is around the end of March this year.
    Please stay tune with our News on Community.  B)

    Please note that there will have a new option for the user to choose encrypting the password or not, so remember to enable it and save after the Switch upgrade to the next new firmware.

    Jason
  • Nykaer
    Nykaer Posts: 1
    Release V4.50(AAOC.3) | 05/20/2020, still contains clear-text passwords..  
  • Nebula_Jason
    Nebula_Jason Posts: 267  Zyxel Employee
    edited April 29
    Hi @Nykaer,

    Since the firmware version you mentioned is for GS1920v1 which is already EOL.
    Therefore, as we mentioned above, this new enhancement will be applied to V4.70 patch 2 firmware for GS1920v2 series.

    Thanks.
    Jason
Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!