cancel
Showing results for 
Search instead for 
Did you mean: 

NTLM Authentication - Password is visible (Security Issue)

SOLVED
Contributor

Re: NTLM Authentication - Password is visible (Security Issue)

Thanks @NBorovykh 

Contributor

Re: NTLM Authentication - Password is visible (Security Issue)

Hi @NBorovykh 

 

Any updates on this? Due to this, I am not able to check-in  the project XML file into the source control due to password stored in the project xml file. This seems high priority for us. if this is not going to solved, please let me know. So that I will reach out to account manager regarding this experience of Soap UI Pro.

 

Thanks,
Rama

Moderator

Re: NTLM Authentication - Password is visible (Security Issue)

Hi @Rama16,

 

The fact the password is stored in plain text in the project file is not an issue in ReadyAPI. This is the default by-design behavior that you can change if you need. For this store your password in a custom property and encrypt this property as described in this article: https://support.smartbear.com/readyapi/docs/testing/best-practices/secure.html

 

You can refer to this custom property from any place in your project using property expansions: https://support.smartbear.com/readyapi/docs/testing/properties/expansion.html

 

Does this help?

 

Natalie
Customer Care Team

Did my reply answer your question? Give Kudos or Accept it as a Solution to help others.↓↓↓↓↓
Contributor

Re: NTLM Authentication - Password is visible (Security Issue)

Thank you, @NBorovykh.

 

Ys, that helps me to reduce the severity. I created project properties and added password the project and global password.

 

But I still see the password is visible if I open the project properties(not custome properties). Please see the screen shot. Is this is what you talking regarding expected behaviour?

 

Another issue, I found it regarding visibility of password.

 

Please see attached.

-Rama

Moderator

Re: NTLM Authentication - Password is visible (Security Issue)

Hi @Rama16,

 

No, the fact that the values of encrypted custom properties are shown in plain text in some other places in the UI (in the Navigator or in the "Step-by-Step Run" panels as shown in your screenshots) does not look expected for me. 

 

Thank you for creating a support case for these issues - my colleague will work on confirming them with the Dev team and registering in our issue-tracking system.

 

Natalie
Customer Care Team

Did my reply answer your question? Give Kudos or Accept it as a Solution to help others.↓↓↓↓↓
Contributor

Re: NTLM Authentication - Password is visible (Security Issue)

Thanks @NBorovykh. Please keep me posted i you have updates.

 

Rama

New Here?
Join us and watch the welcome video:
Watch the new Interview
Top Kudoed Authors