Details
Disables the password recovery
Rationale:
Disabling the password recovery is an additional physical control. It will prevent an attacker that will have circumvented all the physical safeguards and being in contact with the security appliance to change the existing login password, enable password and local user password and then hack the system.
Solution
Run the following to disable the password recovery:
hostname (config)# no service password-recovery
Default Value:
The password recovery is enabled by default
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Cisco.