If you have forgotten all passwords for accessing the WebAdmin (admin account) or the UTM console user accounts (loginuser and root), you can still regain access by resetting the passwords.
This article explains how to reset the WebAdmin and user account password to recover access to Sophos UTM.
The following sections are covered:
Applies to the following Sophos products and versions: Sophos UTM
Operating systems v7, v8, v9
To do this procedure, you must have:
If you cannot log in to the WebAdmin with the admin account but you know the password for root and have either direct access to the UTM or can connect to the UTM with SSH, do the following:
NOTE: This procedure will also reset both the loginuser and root SSH passwords. To set the new passwords, either:
If you cannot reach the WebAdmin login page, the allowed networks may have changed. You can reset the allowed networks for WebAdmin via the following commands:
On UTM hardware appliances or software appliances where it is not possible to log in to the console, you can still reset the passwords if you have physical access to the UTM.
NOTE: On a hardware appliance, you must connect a keyboard and monitor to the UTM to interrupt the boot sequence.
IMPORTANT: Due to a known issue with USB keyboard drivers not being loaded correctly when accessing the bash recovery environment, the steps after step 10 may not work with certain firmware versions. Make sure your UTM is updated to the latest firmware version to prevent being affected by this issue. Download the latest UTM firmware
Known affected versions: 9.104-9.111, 9.205-9.209, 9.300-9.307 (for SG-series UTMs)
Known unaffected versions: 9.112, 9.210, 9.308+
You now have access to the WebAdmin and have reset the console user accounts' passwords.
NOTE: For High Availability systems, if you encounter any problems with resetting the password while both units are online, it may be necessary to power down the secondary units and then reset the password on the master unit. Once that is working, power the other units back on and they should sync the updated passwords as well.