Sophos XG 17.5 MR12 Mandatory Password Reset Page???

We updated our Sophos XG Firewall to the latest firmware (17.5 MR12) last week. One of the local administrators logged in today to monitor the firewall and this appeared. 

 

Is this legitimate or can anyone send me an article about this from Sophos?

 

We already reset our local and device administrator passwords in April 2020, and they are again requiring us to change our passwords.

 

Thank you in advance for those who will help. God bless us all.



  • Hello, 

    We are running Sophos XG with Firmware 17.5 MR-11.

     

    Today we saw the same screen "Mandatory Password reset" on our firewall. 

     

    Can anyone please confirm that this is a legitimate action by Sophos, pushed by the company itself? We got no information from Sophos.

     

    We would like to mention that our device was recently compromised and patched by Sophos against the recent "SQL Injection" attack, and we have already changed our password according to the given KB.

  • I've seen the email that came out from Sophos yesterday about this, but I've not seen this screen pop up yet.

     

    The email made it sound like it was only going to affect people that hadn't changed the admin password yet, but if it's going to affect people that have already sorted that out, that isn't very good.

     

    Regards

     

    PS: Just had this pop up on my home XG (which wasn't touched) - it might be that they now require a complex password which perhaps your previous one didn't meet the requirements for.

  • My account always follows password complexities.

     

    As per checking, I changed my password on 27 April 2020 to a very complex one.

     

    I don't understand why I have to do this again.

  • Same over here:

    - Password changes done on April 27th

    - New password matches policy

     

    So let's do the whole stuff one more time for all affected customers...

     

    I'm also wondering how Sophos pushed all these changes (password complexity rules & Captcha on admin web interface) to the firewalls? Has the hotfix been modified and reapplied? Or how does Sophos have the possibility to do such extensive changes on default behaviour?