Forcing default users password change

This feature is introduced in SLX lately for hardening the security of management plane.

From the release of 20.3.1 configuration is available in SLX to force the password change of default users root, admin and user. By enabling this configuration when default users root, admin and user logs in for first time on SLX they are prompted to change the default password.

The default password for default admin and default user are default config options and the default password for root user is present in the factory settings of the device.

Note

Note

The user is not allowed to login without changing the password upon first login for these users when this configuration is present.

The configuration to enable default user password change is as below.

SLX(config)# password-attributes force-default-password-change

Forcing default password change can prevent brute force attackers to enter the system and corrupt the file system via access to accounts like root. The password age of users other than root can be globally set from release 20.3.1 via the configuration command below.

SLX(config)# password-attributes max-password-age 100
In the above example global password age for all users other than root is 100 days. The age can be specified in the range 0 to 999 days where 0 disables password aging, where a password would never expire.

By having this configuration, a user after login is prompted to change the password after the specified number of days have expired, when the password was last modified.