Secure URL passwords are displayed in clear text

All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Servie, RCC).
Post Reply
Svend
Posts: 38
Joined: Fri Sep 23, 2005 5:00 pm

Secure URL passwords are displayed in clear text

Post by Svend »

I have a test that checks an Open Mobile Access page on a server. This is a secure site that requires ID and password. I'm doing a URL Request.
After setting the ID and password in the test the URL to be tested then contains the password in this format...

https://userid:password@host.domain.com.au:80/oma

I'm a bit concerned that this test is even displaying the password. This has allowed other people who use the hostmonitor system to see a sensitive account password. The string containing the password also appears to be used to make the URL request. Does this mean that it is being transmitted in clear text on the internet even though it is supposed to be a secure site?
Top
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:
Contact KS-Soft

Post by KS-Soft »

I don't think it is being transmitted in clear text, we will check the code today...

Regards
Alex
Top
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:
Contact KS-Soft

Post by KS-Soft »

HostMonitor does not send userid:password as clear test.
Regarding "displaying the password".. we will change that behaviour. However I do not think this is a big problem. Normally you should protect HostMonitor settings using restricted permissions for operators ("User Profiles" dialog). If you provide access to test settings and Connection Manager to everyone, they can take any password...

Regards
Alex
Top
Post Reply

Return to “Configuration, Maintenance, Troubleshooting”