Enable password and enable secret

Enable password and enable secret explained with an example lab

The enable password and enable secret commands secure privileged mode by configuring a password, so whenever someone tries to enter privileged mode, they have to supply that password to log in.

Both do a similar job. The only difference is that the enable password is stored in clear text, so someone can read the password configured on the device just by checking the running-config or startup-config, and someone watching from the side can easily steal the password.

In the image below, we can see that the password is visible in the router configuration.

On the other hand, enable secret stores the configured password as an MD5 hash, so only an authorized person who knows the password can use the Cisco device. If someone checks the configured password in the running or startup config, they will see the hash value instead of the password.

An MD5 hash is not easy to reverse, so it's a very powerful way to secure the password.

We can see in the image below that enable secret has the hash value in the device configuration.

If both are configured on the device, the user has to enter the secret, because the secret is considered superior due to its ability to secure the password.

We can also use the command service password-encryption to encrypt the enable password, but that encryption is very easy to break.

Enable secret can only be configured for privileged mode access. There are other passwords, such as the telnet and aux line passwords, which are also saved in clear text, so we can encrypt them by using the password encryption command.

Privileged mode is the mode that lets the user check several configurations on the device and perform some administrator tasks, which is why enable secret is available for this mode.

For other VTY lines or aux lines, password encryption is not required, because anyone using these lines will have to enter the secret anyway when entering privileged mode on the Cisco device.
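
As an added example (not part of the original page), the following Python script audits a running-config for the storage formats described above: clear text, service password-encryption, and the MD5 hash written by enable secret. The sample configuration is constructed, its hash and encrypted strings are placeholders, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample running-config; the hash and type 7 strings are placeholders.
SAMPLE_CONFIG = """\
hostname R1
enable secret 5 $1$XXXX$XXXXXXXXXXXXXXXXXXXXXX
enable password Cisco
!
line aux 0
 password letmein
line vty 0 4
 password 7 XXXXXXXXXXXX
 login
"""

# Matches "enable secret", "enable password" and line "password" commands,
# with an optional single-digit storage type before the stored value.
CRED = re.compile(r"^\s*(enable secret|enable password|password)\s+(?:(\d)\s+)?(\S+)\s*$")

STORAGE = {
    None: "cleartext",
    "0": "cleartext",
    "7": "type 7 (service password-encryption, easy to break)",
    "5": "type 5 (MD5 hash)",
}

def audit(config):
    """Return (scope, command, storage) for every password line found."""
    findings, scope = [], "global"
    for line in config.splitlines():
        if line and not line[0].isspace():
            # A non-indented line starts a new section; only "line ..." sections are named.
            scope = line.strip() if line.startswith("line ") else "global"
        m = CRED.match(line)
        if m:
            command, ptype, _value = m.groups()
            storage = STORAGE.get(ptype, f"type {ptype} (not covered here)")
            findings.append((scope, command, storage))
    return findings

def effective_enable(findings):
    """Which command guards privileged mode: the secret wins when both exist."""
    commands = {command for _, command, _ in findings}
    if "enable secret" in commands:
        return "enable secret"
    return "enable password" if "enable password" in commands else None

if __name__ == "__main__":
    for scope, command, storage in audit(SAMPLE_CONFIG):
        print(f"{scope:14} {command:16} {storage}")
    print("privileged mode is guarded by:", effective_enable(audit(SAMPLE_CONFIG)))
```

Any line reported as cleartext or type 7 is a candidate for review, since both can be read or recovered by anyone who obtains the configuration.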

Exercise

Configure the enable password on the device as Cisco

Configure the enable secret as Packet

Check the running configuration of the device and find out the difference between the two.
