All Cisco device passwords are stored in cleartext in the configuration, by default. These passwords are visible to anyone that has permission to issue
Stored backup configuration files also have these passwords; therefore, anyone with access to these files will also have access to the router passwords. There are two commands for hiding passwords: service password-encryption is useful when storing configuration files on a server because it encrypts passwords before storing them. These passwords are unintelligible when write terminal or show running-config commands are issued. |