OPERATIONAL DEFECT DATABASE
...
...
When there originally is configuration like below, --- username user1 common-criteria-policy CCP1 secret 9 aaa common-criteria policy CCP1 min-length 8 (snip) ---(password here is cisco123) The password can be overwriten with 'username user1 common-criteria-policy CCP1 secret ' command. When the new password(cisco, for example) violates the common-criteria policy, --- Switch(config)#username user1 secret cisco % Password length is less than minimum length configured --- the message like the above appears. In normal condition, it can be renewed with a further new password like below: --- Switch(config)#username user1 common CCP1 secret cisco1234 Switch(config)# --- In problematic condition, it can not --- Switch(config)#username user1 common CCP1 secret cisco1234 ERROR: Can not have both a user password and a user secret. Please choose one or the other. Switch(config)# --- As a result, the credential gets unavailable because it does not have any password.
- 16.12.5 or later. - service password-encryption is enabled. - aaa common-criteria policy is used.
- Using 'no username user1' command and remaking the account 'user1'. or - Using 16.12.4 or earlier.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
