Welcome to the VanDyke Software Forums

Join the discussion today!

Go Back   VanDyke Software Forums > Scripting

Thread Tools Rate Thread Display Modes
Old 03-24-2018, 01:58 PM
fred.reimer fred.reimer is offline
Registered User
Join Date: Feb 2018
Posts: 2
Password Encoding

I am trying to do something that I'm sure others have done before: automate login using the password saved in the session configuration. SecureCRT automatically logs on, but for certain devices, such as Cisco IOS or firewalls, you have to "enable" to use all commands. There is no way I know of to configure SecureCRT to enter the password using Logon Actions, and I don't want to:
1) Hard-code the password in the Logon Actions
2) Have to change the password manually in the Logon Actions

So, I can script it. However, as the examples show, when you pull the password from the session configuration in the script it is encoded. What is this encoding, and how do we decode the password so that the script can send it in the session when appropriate?
Reply With Quote
Old 03-25-2018, 10:33 AM
bgagnon bgagnon is offline
VanDyke Technical Support
Join Date: Oct 2008
Posts: 4,207
Hi fred.reimer,

I have added this thread to a feature request in our product enhancement database for a substitution database for logon actions. ‏Should a future release of SecureCRT include this feature, notification will be posted here.

If you prefer direct email notification, send an email to support@vandyke.com and include "Feature Request - Forum Thread #13062" in the subject line or use this form from the support page of our website.

VanDyke Software
Technical Support
(505) 332-5730
Reply With Quote
Old 03-25-2018, 11:07 AM
fred.reimer fred.reimer is offline
Registered User
Join Date: Feb 2018
Posts: 2
Thanks Brenda!

I searched the forum and on popular search engines, and found the Blowfish encryption that was used pre "V2" password encryption no longer works with V2 passwords. I understand, but don't necessarily agree with, the stance on not providing a decrypt capability for passwords. I don't necessarily need that, and allowing some option to inject the password in a login script in Logon Actions would do just fine.

I would note as others have that simply possessing an INI file is really all you need. It would be relatively easy to fake the target and gather the password that way, if that's what an attacker is really after. Obviously my use-case is different, and I just want an ability to "completely" login using Logon Actions (or scripts).

Thanks again for submitting the enhancement request. I think the ability to inject the password in a Logon Action would give people what they need, without the need to provide "decrypt" capability to address VanDyke's concerns.

Reply With Quote

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -6. The time now is 05:50 PM.