It's not free, but it sounds like you need Cisco Secure/TACACS. Authentication then takes place centrally and you don't have to change individual switches and routers.

One user suggested you use Cisco Secure ACS (tacacs / Radius software). This is a good solution for authentication, but it will not change your router or switch passwords, and whether one uses tacacs / radius or not, there are still console, and fallback passwords that should be changed regularly.

I would have recomended Cisco Works, however you want free
The best place to start looking, for free software, would be the following address:

If you are contemplating the automation of password changes on hundreds of devices, I would strongly caution you to stay away from scripts or other such methods that would necessitate any kind of manual entry of new devices or decomissioning of old devices unless you have editing of your scripts built into the normal processes you follow for network adds / changes or drops. What can happen is that your script will end up being out of date and you will have devices that will not get changes when they should, as your script doesn't know about them.

I have hundreds of Cisco devices to manage here, and while I could write a book about whats wrong with Cisco's software offerings, and particularly Cisco Works in general, it's ability to autodiscover the network and rebuild its topology awareness does wonders for making sure new devices added or old devices removed from the network do not fall through the administrative cracks. Even if you don't end up with things falling through the cracks, what we have found here is that using netconfig (part of Cisco Works) jobs to change device passwords has probably paid for the software several times over, since changing passwords on our devices takes about 5 minutes to implement and we don't have to manualy edit anything…