Cisco Type 7 Password Decrypt / Decoder / Crack Tool

The Firewall.cx Cisco Password Decoder Tool (see below) provides readers with the ability to decrypt 'Type 7' cisco passwords.

For security reasons, we do not keep any history of decoded passwords.

Ensure you only enter the encrypted password. For example, for the code below, you would paste the yellow highlighted portion. Do not include anything before the encrypted password.

username fcx password 7 0709285E4B1E18091B5C0814

When ready, click on the Submit button. The system will then process and reveal the text-based password. Ensure there are no space characters in front of your encrypted password.

More Information On Cisco Passwords and Which can be Decoded

Back in late 1995, a non-Cisco source had released a program that was able to decrypt user passwords (and other type of passwords) in Cisco configuration files.

This new program was a major headache for Cisco since most users were relying on Cisco's equipment for their repulation of strong encryption and security capabilities. What users were not aware was that there are two different type of encryption mechanisms used by Cisco's IOS, one which was reversable (Type 7 Passwords) and one which is not (Type 5).

Even until today, administrators and users still make use of the weaker Type 7 passwords, mainly because they aren't aware that these passwords can be decrypted.

Knowing what Can and Cannot be Decrypted

It is important to understand that only the following type of passwords are able to be decrypted. Thefollowing examples show which common areas Type 7 passwords are used in Cisco equipment:

User Passwords

Used to create users with different privilege levels on Cisco devices.

 Enable Password

Used to gain elevated access on the Cisco device.

 Access Point SSID Keys

Used to configure the SSID key on a Cisco wireless access point:

If wpa-psk ascii 0 is used then the ascii text that follows is clear text and its not encrypted.

Encryption Methods That Cannot be Decrypted

As opposed to Type 7 Passwords which can easily be decrypted, Secret 5 passwords cannot be decrypted as the password has ben hashed with MD5. This is also the recommened way of creating and storing passwords on your Cisco devices.

Following are a number of examples where Secret 5 passwords can and should be used:

User Passwords

Enable Password

Unfortunately Access Point SSID Keys do not support Type 5 passwords. This means that any passwords configured into the access point should be stored in a safe place.

 We trust the information was valuable and hope users will stop using Type 7 Passwords in mission critical equipment.