service password-encryption command

All passwords configured on an IOS device, with the exception of the passwords configured with enable secret password, are stored in clear-text in the device configuration file. This means that all that attacker needs to do to find out the passwords is to run the show running-config command:

Notice how console and VTY passwords are displayed in clear-text. To encrypt them, you can use the service password-encryption global configuration command:

Notice how passwords are now stored in encrypted form:

Although somewhat useful, this method of password encryption is not considered to be especially secure, since there are tools that can crack it. Use the service password-encryption command with additional security measures.

Configure passwords in IOS
Configure descriptions in IOS

service password-encryption command

CCNA course