...
The command "key config-key password-encrypt " gives an error when a user attempts to put in a key with more than 128 characters:

    WLC(config)# key config-key password-encrypt
    % Key length less than 128 chars

However, applying the same command without the key allows for 256 characters with no errors/warnings:

    WLC(config)# key config-key password-encrypt
    New key:
    Confirm key:

This command successfully encrypts passwords with the long key with no errors. When changing any password (PSK, RADIUS key, etc.), the WLC shows that it is unable to decrypt the password and the configuration does not change. When rebooting the WLC or failing over to standby, decryption errors are shown and passwords/encryption disappear.
9800-CL / 9800-L

Tested on 17.3.6, 17.3.7, 17.9.2, and 17.9.3 - same results on these versions.

The following command shows no errors/warnings:

    WLC(config)# key config-key password-encrypt
    New key:
    Confirm key:
Use a key shorter than 128 characters. If the configured key is already longer than 127 characters, remove encryption and reconfigure the passwords.
Applying "key config-key password-encrypt" without the key in this initial command should not allow users to configure a key longer than 127 characters and should display a warning when attempted.