cancel
Showing results for 
Search instead for 
Did you mean: 

NTLM Authentication - Password is visible (Security Issue)

SOLVED
Contributor

NTLM Authentication - Password is visible (Security Issue)

Hi,

 

I see password is visible if I use NTLM authentication. It seems like security issue Please advise.

 

Thanks

Tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Moderator

Re: NTLM Authentication - Password is visible (Security Issue)

Hello @Rama16,

 

I agree that the password value should be hidden in the request's properties in Navigator as it's hidden in the other panels. I have registered an issue in the internal DB for this.

 

As for the fact that the password is stored in the project file as-is, it's the expected default behavior. To protect your sensitive data can either encrypt the whole project or selected properties as it's described in this article: https://support.smartbear.com/readyapi/docs/testing/best-practices/secure.html

 

 

Natalie
Customer Care Team

Did my reply answer your question? Give Kudos or Accept it as a Solution to help others.↓↓↓↓↓

View solution in original post

15 REPLIES 15
Community Hero

Re: NTLM Authentication - Password is visible (Security Issue)

Hey @Rama16 

 

What version of SoapUI/ReadyAPI! are you using?  I'm running ReadyAPI! v2.6.0 and the password is obfuscated and has been for a while - I remember it wasn't in SoapUI v3.5 - but that was years ago!

 

Cheers,

 

richie

if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
Contributor

Re: NTLM Authentication - Password is visible (Security Issue)

Thanks for your reply.

 

I am using ReadyAPI 2.6.0 with Pro licence.

 

Please see the screenshot.

 

Thanks

Community Manager

Re: NTLM Authentication - Password is visible (Security Issue)

Just to clarify, @Rama16, do you see the value of the password field?

---------
Tanya Gorbunova
SmartBear Community Manager

Join the annual community event and share your stories to win gifts
Wintertainment2019
Contributor

Re: NTLM Authentication - Password is visible (Security Issue)

Yes. I do see the password. Also, When I saved the project and I see it xml as well.

Moderator

Re: NTLM Authentication - Password is visible (Security Issue)

Hello @Rama16,

 

I agree that the password value should be hidden in the request's properties in Navigator as it's hidden in the other panels. I have registered an issue in the internal DB for this.

 

As for the fact that the password is stored in the project file as-is, it's the expected default behavior. To protect your sensitive data can either encrypt the whole project or selected properties as it's described in this article: https://support.smartbear.com/readyapi/docs/testing/best-practices/secure.html

 

 

Natalie
Customer Care Team

Did my reply answer your question? Give Kudos or Accept it as a Solution to help others.↓↓↓↓↓

View solution in original post

Contributor

Re: NTLM Authentication - Password is visible (Security Issue)

Thanks for update. Let me know when this issue is resolved.

 

-Ram

Contributor

Re: NTLM Authentication - Password is visible (Security Issue)

Good morning,

 

Any update on this? Does this issue is resolved?

 

Thanks,
Rama

Highlighted
Contributor

Re: NTLM Authentication - Password is visible (Security Issue)

Good morning @NBorovykh,

 

Any update on this? Does this issue is resolved?

 

Thanks,
Rama

Moderator

Re: NTLM Authentication - Password is visible (Security Issue)

Hi @Rama16,

 

At the moment, there is no ETA of a fix to this issue, but I'd like to assure you that the Product Team always treats security-related issues as critical and tries to fix them as soon as possible. 

 

Natalie
Customer Care Team

Did my reply answer your question? Give Kudos or Accept it as a Solution to help others.↓↓↓↓↓