Pages

Tuesday, May 17, 2016

Reset Admin account on Security Center


The other day I got locked out of my admin account for the Security Center 5 from Tenable. In order to get back into the system I needed to reset the admin password. Below I show how to reset the admin password on Security Center 5. For this to work you must have elevated privileges, such as root.

Reset the admin account password
root@earth> sqlite3 /opt/sc/application.db "update userauth set password = 'bbd29bd33eb161d738536b59e37db31e' where username='admin';"
This command sets the admin password to password

Clear login failures.
root@earth> sqlite3 /opt/sc/application.db "update userauth set failedLogins='0' where username='admin';"

Unlock the admin account
root@earth> sqlite3 /opt/sc/application.db "update userauth set locked='0' where username='admin';"

After following these steps you will be able to login to the admin account with the password set to password. If you have any questions or comments please post them below.

7 comments:

  1. How do you set the password to something other than "password".
    Is this 'bbd29bd33eb161d738536b59e37db31e' a pre-generated hash from the word "password"?

    ReplyDelete
  2. @athkebei - for your second question, the answer is yes. I just did these commands on an SC4.7 system, and bbd29bd33eb161d738536b59e37db31e set the password to 'password'. As to your first question, I can't find the algorithm that will generate the same output from 'password' - I tried this site to no avail: https://decryptpassword.com/encrypt/. If you know which algorithm sqlite3 uses, then you should be able to generate any password you want.

    ReplyDelete
  3. The object of this post is to get back into Security Center after being locked out, not to set a password from the command line. I don't know what algorithm is used to generate the hash.

    ReplyDelete
  4. The hash is salted with "F2" and they use md5 for encryption. Sad!

    ReplyDelete
  5. Life saver! Thank you for posting this!

    ReplyDelete
  6. On SC 5, step 3 should be:
    sqlite3 /opt/sc/application.db "update userauth set locked='false' where username='admin';"

    Otherwise the web gui will complain that locked should be true of false not 0 the next time the password is changed.

    ReplyDelete
  7. As a note to anyone who ties the admin account to LDAP and the LDAP... no longer exists/is unreachable for some reason use this to set it back to local auth:

    sqlite3 /opt/sc/application.db "update userauth set authType='tns' where username='admin';"

    ReplyDelete