
Built-in admin password change failure

So something very annoying happened. I was changing the password for the built-in administrator account. It accepted the change but now neither the old nor the new password works. Looks like dashes in the password are not allowed but the appliance doesn't warn about this. So I'm locked out of the built-in account.

I have another user account that is part of the "Sonicwall administrators" group and I can access the appliance through SSH with this account. Is there any way to reset the built-in admin password through this account either through SSH or the local ESXi console? The command "admin password" requires the old password but neither one works. I guess the new password is mangled because of the dashes in the password, but no idea what it could be now.

If it's not possible I have the tedious work of factory reset and re-configuration to be done in the future. Luckily I have a conf backup from last night but there are lots of changes made since then. From the CLI I can perhaps output the recent changes from this other account.

Category: Virtual Firewall

Answers

  • Ok I got in through the web UI and can at least export the configuration. But is there any way to fix the built-in admin account without factory reset?

  • I think I remember this happening previously with SSL-VPN where after changing the password in Mobile Connect the new password wasn't accepted. The appliance probably mangles or normalizes the dashes/hyphens somehow to a format that isn't recognized from the input afterwards.

    I tried the password with hyphens, dashes, underscores, forward slashes and whatever the third dash-like character is called that is on the standard keyboard layout. None worked but I wonder if it would work if I knew what the appliance thinks the character is or how it normalizes it during input and hashing.

    SonicOS really should validate the input better and not allow this. I just generated a new password from a password manager without thinking any further and SonicOS didn't give any error about invalid input.

  • Saravanan (Moderator)

    Hi @SONICADMIN80,

    I can see that this behavior of the NSv is a bit weird. I'll have this verified and get back to you.

    Please stand by.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • I think the same can happen with a physical appliance, at least with SSL-VPN users when they change their password in Mobile Connect. Hyphens/dashes at least seem to be the issue, not sure if other special characters cause the issue.

    I would appreciate it if there's a workaround to avoid factory reset, perhaps inputting a different character or some sort of Unicode or HTML string.

    I tried changing the password through the CLI in both "user local" and "admin password" sections but I guess "user local" can't be used to reset the primary admin account and the other command requires the old password.
