Register
SmartBear Support Resources
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NTLM Authentication - Password is visible (Security Issue)

SOLVED
Solved
Start a topic
Rama16
Contributor
‎04-10-2019 01:21 PM
‎04-10-2019 01:21 PM

NTLM Authentication - Password is visible (Security Issue)

Hi,

 

I see password is visible if I use NTLM authentication. It seems like security issue Please advise.

 

Thanks

Labels:
Tags (1)
0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
NBorovykh
Moderator Moderator
Moderator
‎04-15-2019 02:18 AM
‎04-15-2019 02:18 AM

Re: NTLM Authentication - Password is visible (Security Issue)

Hello @Rama16,

 

I agree that the password value should be hidden in the request's properties in Navigator as it's hidden in the other panels. I have registered an issue in the internal DB for this.

 

As for the fact that the password is stored in the project file as-is, it's the expected default behavior. To protect your sensitive data can either encrypt the whole project or selected properties as it's described in this article: https://support.smartbear.com/readyapi/docs/testing/best-practices/secure.html

 

 

Natalie
Customer Care Team

Did my reply answer your question? Give Kudos or Accept it as a Solution to help others.↓↓↓↓↓

View solution in original post

Reply
15 REPLIES 15
richie
Community Hero
Community Hero
‎04-11-2019 07:00 AM
‎04-11-2019 07:00 AM

Re: NTLM Authentication - Password is visible (Security Issue)

Hey @Rama16 

 

What version of SoapUI/ReadyAPI! are you using?  I'm running ReadyAPI! v2.6.0 and the password is obfuscated and has been for a while - I remember it wasn't in SoapUI v3.5 - but that was years ago!

 

Cheers,

 

richie

if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
0 Kudos
Reply
Rama16
Contributor
‎04-11-2019 07:12 AM
‎04-11-2019 07:12 AM

Re: NTLM Authentication - Password is visible (Security Issue)

Thanks for your reply.

 

I am using ReadyAPI 2.6.0 with Pro licence.

 

Please see the screenshot.

 

Thanks

0 Kudos
Reply
TanyaYatskovska
Community Manager Community Manager
Community Manager
‎04-12-2019 01:35 AM
‎04-12-2019 01:35 AM

Re: NTLM Authentication - Password is visible (Security Issue)

Just to clarify, @Rama16, do you see the value of the password field?

---------
Tanya Yatskovskaya
SmartBear Community and Education Manager

Did my reply answer your question? Give Kudos or Accept it as a Solution to help others. ⬇️⬇️⬇️
0 Kudos
Reply
Rama16
Contributor
‎04-12-2019 06:29 AM
‎04-12-2019 06:29 AM

Re: NTLM Authentication - Password is visible (Security Issue)

Yes. I do see the password. Also, When I saved the project and I see it xml as well.

0 Kudos
Reply
NBorovykh
Moderator Moderator
Moderator
‎04-15-2019 02:18 AM
‎04-15-2019 02:18 AM

Re: NTLM Authentication - Password is visible (Security Issue)

Hello @Rama16,

 

I agree that the password value should be hidden in the request's properties in Navigator as it's hidden in the other panels. I have registered an issue in the internal DB for this.

 

As for the fact that the password is stored in the project file as-is, it's the expected default behavior. To protect your sensitive data can either encrypt the whole project or selected properties as it's described in this article: https://support.smartbear.com/readyapi/docs/testing/best-practices/secure.html

 

 

Natalie
Customer Care Team

Did my reply answer your question? Give Kudos or Accept it as a Solution to help others.↓↓↓↓↓

View solution in original post

Reply
Rama16
Contributor
‎04-15-2019 05:40 AM
‎04-15-2019 05:40 AM

Re: NTLM Authentication - Password is visible (Security Issue)

Thanks for update. Let me know when this issue is resolved.

 

-Ram

0 Kudos
Reply
Rama16
Contributor
‎04-17-2019 06:39 AM
‎04-17-2019 06:39 AM

Re: NTLM Authentication - Password is visible (Security Issue)

Good morning,

 

Any update on this? Does this issue is resolved?

 

Thanks,
Rama

0 Kudos
Reply
Rama16
Contributor
‎04-18-2019 07:00 AM
‎04-18-2019 07:00 AM

Re: NTLM Authentication - Password is visible (Security Issue)

Good morning @NBorovykh,

 

Any update on this? Does this issue is resolved?

 

Thanks,
Rama

0 Kudos
Reply
NBorovykh
Moderator Moderator
Moderator
‎04-18-2019 09:28 AM
‎04-18-2019 09:28 AM

Re: NTLM Authentication - Password is visible (Security Issue)

Hi @Rama16,

 

At the moment, there is no ETA of a fix to this issue, but I'd like to assure you that the Product Team always treats security-related issues as critical and tries to fix them as soon as possible. 

 

Natalie
Customer Care Team

Did my reply answer your question? Give Kudos or Accept it as a Solution to help others.↓↓↓↓↓
0 Kudos
Reply
New Here?
Join us and watch the welcome video:
Top Kudoed Authors
View All