Details

Sets the password for users accessing privileged EXEC mode when they run the enable command.

Rationale:

The default device configuration does not require any strong user authentication enabling unfettered access to an attacker that can reach the device. A user can enter the default password and just press the Enter key at the Password prompt to login to the device. Setting the enable password causes the device to enforce use of a strong password to access privileged EXEC mode. Using default or well-known passwords makes it easier for an attacker to gain entry to a device.

Solution

Run the following to set the enable password.

hostname(config)#enable password level

The enable_password parameter should be the plain-text password used to log into the enable mode
If the privilege level is not configured, the default one is 15

Default Value:

By default, the enable password is blank.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3246

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Cisco.

References

• 800-53|SC-12
• CSCv6|16.13
• CSCv6|16.14
• CSCv7|18.5

Source

• Tenable.com/audits