On the Reset Security Credentials page, the field next to "New Config Manager Admin Password:" will remember previous passwords you have typed in.
You can see the previous passwords in plain text.
I have experienced this with both IE and Firefox.
Screenshot shows the field I am talking about.
Perhaps this field should be changed so it doesn't remember values that have been typed here.
Suggestion for Reset Security Credentials page
- Box293
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Suggestion for Reset Security Credentials page
This screen should by design be static, it's not meant to randomize the passwords. Instead it pushes the value provided to the password store and the password database. It should always display the password in the password store.
- Box293
Re: Suggestion for Reset Security Credentials page
On my computer I go to the Reset Security Credentials page
I type the nagiosadmin password in the field next to "New Config Manager Admin Password:"
I click Update Credentials
I log out of Nagios XI
I walk away from the computer without locking the screen
Another person jumps on my computer and logs into Nagios XI
They go to the Reset Security Credentials page
They double click in the field next to "New Config Manager Admin Password:"
Any entries typed by me in the past will appear here in a list.
Re: Suggestion for Reset Security Credentials page
If they have the admin password, they have the admin password. Though perhaps there are some browser cache issues to consider.
http://go.nagios.com/tracker/64
- tonyyarusso
Re: Suggestion for Reset Security Credentials page
I would agree that it would be a lot smarter IMO if that particular field was set to a password input type, given how this operates.
Re: Suggestion for Reset Security Credentials page
If you're overly worried about it, jump into the HTML files for that page and add
autocomplete="off"
To the form attributes.

Re: Suggestion for Reset Security Credentials page
To do that, go to the file /usr/local/nagiosxi/html/admin/credentials.php
On line 98 change from
<form id="manageOptionsForm" method="get" action="<?php echo $_SERVER['PHP_SELF'];?>">
to
<form id="manageOptionsForm" autocomplete="off" method="get" action="<?php echo $_SERVER['PHP_SELF'];?>">
- Box293
Re: Suggestion for Reset Security Credentials page
Great tip.
Re: Suggestion for Reset Security Credentials page
Glad to help.
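A check for the two fixes suggested in this thread (a password input type, and autocomplete="off" on the form), added here as an example and not part of any post or of Nagios XI's own code: it parses form markup and reports credential-like inputs that stay readable on screen or can be replayed from browser form history. Only the form tag comes from the thread; the input names and the hint list are assumptions.

```python
from html.parser import HTMLParser

# Substrings that mark an input name as credential-like (assumption for this example).
SENSITIVE_HINTS = ("pass", "pwd", "secret")

class CredentialFieldAudit(HTMLParser):
    """Collect credential-like inputs that are unmasked or kept in form history."""
    def __init__(self):
        super().__init__()
        self.form_off = False   # enclosing <form> carries autocomplete="off"
        self.findings = {}      # input name -> list of issues

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.form_off = a.get("autocomplete") == "off"
        elif tag == "input":
            name = a.get("name") or a.get("id", "")
            if not any(h in name for h in SENSITIVE_HINTS):
                return
            masked = a.get("type", "text") == "password"
            # The input's own autocomplete attribute wins over the form's.
            off = a["autocomplete"] == "off" if "autocomplete" in a else self.form_off
            issues = []
            if not masked and not off:
                issues.append("remembered")   # browser form history can replay it
            if not masked:
                issues.append("unmasked")     # value is readable on screen
            if issues:
                self.findings[name] = issues

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def audit(markup):
    parser = CredentialFieldAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings

# Constructed sample: the <form> tag is the one quoted in the thread; the input
# names are hypothetical, since the thread does not show the field's markup.
FORM = '<form id="manageOptionsForm"{} method="get" action="<?php echo $_SERVER[\'PHP_SELF\'];?>">'
FIELD = '<input type="{}" name="config_admin_password"><input type="text" name="hostname"></form>'
BEFORE = FORM.format("") + FIELD.format("text")
PATCHED = FORM.format(' autocomplete="off"') + FIELD.format("text")
MASKED = FORM.format("") + FIELD.format("password")
```

On the constructed samples, the unpatched form reports the field as both remembered and unmasked, the autocomplete="off" edit leaves it unmasked only, and the password input type clears both findings.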