Resetting Neuvector Password
If, for whatever reason, the password for any of the neuvector instances isn’t working and the admin account is being locked out, you can reset the password.
The official guide from which these instructions were taken has been removed from their KB, a similar KB can be found here.
Connect to the AKS cluster for the environment the neuvector pods are in e.g. cft-aat-00-aks
Connect to one of the controller pods:
kubectl exec -it <controller_pod> -n neuvector -- sh
Check if admin entry exists by running the command below and save the output JSON somewhere for safekeeping. (If the entry does not exist, please stop and consult with NeuVector Support.)
consul kv get object/config/user/admin
Take the output from the above consul kv get command and replace the password_hash string with the below hash string for “admin”.
c7ad44cbad762a5da0a452f9e854fdc1e0e7a52a38015f23f3eab1d80b931dd472634dfac71cd34ebc35d16ab7fb8a90c81f975113d6c7538dc69dd8de9077ec
Apply the update JSON by replacing the existing password_hash with the password_hash above. The single quotes surrounding the JSON are needed. (It is best to craft this command inside a text editor to verify before applying it to the controller shell.)
The full command should be:
consul put object/config/user/admin '{"fullname":"admin","username":"admin","password_hash":"c7ad44cbad762a5da0a452f9e854fdc1e0e7a52a38015f23f3eab1d80b931dd472634dfac71cd34ebc35d16ab7fb8a90c81f975113d6c7538dc69dd8de9077ec","pwd_reset_time":"2023-03-23T21:25:23.75136146Z","pwd_hash_history":null,"domain":"","server":"","email":"","role":"admin","role_oride":false,"timeout":300,"locale":"en","role_domains":{},"last_login_at":"2023-03-23T21:25:01.981582916Z","login_count":1,"failed_login_count":0,"block_login_since":"0001-01-01T00:00:00Z"}'
Note that the password_hash has been changed and the failed_login_count is set to 0.
The below message gets returned upon successful update.
Success! Data written to: object/config/user/admin
You should now be able to login to neuvector with the default credentials.
Updating the password in the console
Now that you’ve got into the console, you must reset the password to a more secure value.
We have a keyvault secret already which you should use as the new password.
Get the secret from the cftptl-intsvc keyvault. It is called neuvector-new-admin-password.
Go to Settings and click the Reset password button.
Enter the password into the reset password dialog box:
