Subscribing is a smart move!
You can subscribe to this forum after you log in or create your free account.
DCE bug allows "screenscraping" of backup share credentials
EcoStruxure IT forum
Schneider Electric support forum about installation and configuration for DCIM including EcoStruxure IT Expert, IT Advisor, Data Center Expert, and NetBotz
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
Link copied. Please paste this link to share this article on your social media post.
This question was originally posted on DCIM Support by Garry Priestland on 2017-08-15
I discovered to day that the windows backup share setting dialog allows you to screen scrape the password of the user. Not good since this is often the users windows / domain password.
FYI I used AsteriskKey to get the passwords.
The same is true for every password / sensitive field in the dialog boxes that are used to set up / edit an SNMP config template.
Version of DCE is 7.4.3
Thought it best to not post this publicly...
Link copied. Please paste this link to share this article on your social media post.
This comment was originally posted on DCIM Support by Garry Priestland on 2017-08-15
I tested it today on several dialog boxes in the SNMP template creation and editing, and was also able to find out a colleagues laptop password from the Backup screen. I knew it used to be possible for all users on DCE but this got corrected at version 7.4+?
The clue was that the field lengths were shorter (less asterisks were displayed) than normal since the 7.4+ update. The screen scraper returns DEFAULT_PASSWORD on 'protected' password fields which is actually displayed as **************** - 16 asterisks as there are 16 chars in "DEFAULT_PASSWORD"
An example today also was that I was able to scrape the passwords from NMC that had their credentials changed using a saved SNMP config template. Actually very useful 😀 arguably not secure. Truth is I can't do any of this unless I have the DCE server Administrative access anyway, so is it that insecure?
The image above is an example of what I mean, (but is not the one I did today)
Link copied. Please paste this link to share this article on your social media post.
This comment was originally posted on DCIM Support by Steven Marchetti on 2017-08-16
Hi Garry,
Yea, looks like they fixed it at least in 7.4.3. I tried and as long as I save and go back to the dialog, I just see default_password too:
Steve
Link copied. Please paste this link to share this article on your social media post.
This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.
Create your free account or log in to subscribe to the forum - and gain access to more than 10,000+ support articles along with insights from experts and peers.