Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Event log exposes password when not using Run As Accounts #480

Open
BetaLyte opened this issue Apr 17, 2024 · 2 comments · Fixed by #481
Open

Event log exposes password when not using Run As Accounts #480

BetaLyte opened this issue Apr 17, 2024 · 2 comments · Fixed by #481
Assignees
@AdhocAdam
Labels
bug Something isn't working

Comments

@BetaLyte
Copy link
Contributor

I noticed the event error log is currently leaking the password of the SCSM Run As Account, as it's being printed out if the email validation fails:

smletsexchangeconnector/smletsExchangeConnector.ps1

Line 4938 in 02be0b1

New-SMEXCOEvent -Source "General" -EventId 4 -LogMessage "The address/SCSM Run As Account used to sign into 365 is not a valid email address and is currently entered as $($username + "@" + $password). This will prevent a successful connection. To fix this, go to the Run As account in SCSM and for the username enter it as an email address like user@domain.tld" -Severity "Error"

BetaLyte added a commit to BetaLyte/smletsexchangeconnector that referenced this issue Apr 17, 2024
@BetaLyte
Fix variable in error log
b7e15df 
Fixes AdhocAdam#480
@BetaLyte BetaLyte mentioned this issue Apr 17, 2024
Merged
@AdhocAdam AdhocAdam self-assigned this Apr 17, 2024
@AdhocAdam
Copy link
Owner

Looks like this occurs given the following:

  • Using Exchange Online
  • Not using Run As Accounts/getting the password into the script by some other means

In any case, much appreciated and thank you for the pull request 👍

@AdhocAdam AdhocAdam reopened this Apr 17, 2024
AdhocAdam pushed a commit that referenced this issue Apr 17, 2024
@BetaLyte
Fix variable in error log (#481)
b2d5b51 
Fixes #480
@AdhocAdam AdhocAdam changed the title Event error log is leaking password Event log exposes password when not using Run As Accounts Apr 17, 2024
@AdhocAdam
Copy link
Owner

I was a bit too quick to close this. I merged this into dev and will keep this issue open for the sake of transparency.

@AdhocAdam AdhocAdam added the bug Something isn't working label Apr 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AdhocAdam AdhocAdam

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix variable in error log BetaLyte/smletsexchangeconnector
2 participants
@BetaLyte @AdhocAdam