0
Answered

Chris21 Connector failed connection displays password in UI

Matthew Woolnough 8 years ago in UNIFYBroker/Frontier ichris/chris21 updated by anonymous 5 years ago 5

The error from Chris21 is passed straight through to the IdB UI and displays the password.
I don't think this is desirable.

Affected Versions:
Fixed by Version:

Hi Matthew,

Are you able to paste the error here (redact the password)? It'll help us determine whether it's our error, or one from chris21.

Thanks.

Change detection engine import changes for connector Chris21 Placement failed with reason Line type is recognized but not valid Command. Line: GTR:cbr="logon",logonapplication="breoption",user="broker1test",password="passwordInPlainText",credentialsrequired="Y",error01="BRE012:Account locked. Access is not allowed.",error02="BRE103:Access has been denied.",status="fail". Duration: 00:00:00.3916166

This is because chris21 is sending the password back in its failed login attempt - it being visible is an artefact of better logging of the error line from chris21. This logging would need to be improved to handle requests with a password in them differently, and is pretty important that it makes it into the next fix release

Won't get to this before I finish up but this is pretty important. However, it would seem that this message only appears if the account is locked.

Marked as Unassigned

Brian Cotterall, I believe this is happening in Chris21Agent.CheckLoginResult.