[TAXII ingester] Problem with passwords containing ":" #6403
Comments
The user and password in TAXII feeds are concatenated together and converted to base64 to create a Bearer on the backend side. opencti/opencti-platform/opencti-graphql/src/manager/ingestionManager.ts Lines 215 to 216 in 5e7492d
And authentication is stored as one string field
So basically the authentication header that is sent in the request for username/password is "Bearer base64(username:password)". First, I don't think it's possible to have ':' in the username because I don't know how "Bearer usern:ame:password" will be read on the TAXII API side, but I think that ':' on the password side will work (since it's not the first ':' found in the string), I mean "username:pass:word" should work fine on the TAXII API side.
Or
I checked other authentication methods: there is no ":" issue because it's base64 encoded already (we could check that on the frontend by the way), or the whole string is used as it is without splitting on ':'. @nino-filigran could you give me your opinion between proposal 1 and 2 please?
In both solutions, I see that we would prevent users from inputting a ":" in their usernames. Given that we do not allow it in the username, I would be keen to prevent it in the pwd field then. It's often something that exists in pwd forms. This makes me wonder though: what if some users already have a ":" in their usernames or pwd, would they be affected? cc @Jipegien in case you do not agree.
If users currently have ":" in the password, their TAXII doesn't work (this is the subject of this issue). As for the username, I'd be surprised if any users have ":" in it. If that's the case, I don't think it works either.
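As an added illustration of the splitting behaviour discussed above (example code, not OpenCTI's own): the stored "username:password" string decodes correctly only when the first ":" alone is treated as the separator. The `alice` / `pass:word` values are constructed sample input; the `Buffer` helpers assume a Node.js runtime.

```typescript
// Added illustration (not OpenCTI code). The stored-credential format
// ("username:password", then base64) is taken from the discussion above.

function toBase64(s: string): string {
  return Buffer.from(s, "utf8").toString("base64");
}

function fromBase64(s: string): string {
  return Buffer.from(s, "base64").toString("utf8");
}

// Build the single stored credential string from separate form inputs.
function encodeCredentials(user: string, password: string): string {
  return toBase64(`${user}:${password}`);
}

// Lossy: split(":") yields every segment, and taking only [0] and [1]
// drops whatever follows a second ":" (the truncation reported in this issue).
function decodeLossy(stored: string): { user: string; password: string } {
  const [user, password] = fromBase64(stored).split(":");
  return { user, password: password ?? "" };
}

// Correct: only the first ":" separates user from password; everything after
// it is the password verbatim. Usernames still cannot contain ":".
function decodeFirstColon(stored: string): { user: string; password: string } {
  const decoded = fromBase64(stored);
  const idx = decoded.indexOf(":");
  if (idx === -1) {
    throw new Error("credential string must contain ':' between user and password");
  }
  return { user: decoded.slice(0, idx), password: decoded.slice(idx + 1) };
}

// Form-side guard: a username containing ":" can never be parsed back unambiguously.
function isValidUsername(user: string): boolean {
  return user.length > 0 && !user.includes(":");
}

// Constructed sample values.
const sample = encodeCredentials("alice", "pass:word");
console.log(decodeLossy(sample));      // { user: 'alice', password: 'pass' }
console.log(decodeFirstColon(sample)); // { user: 'alice', password: 'pass:word' }
```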
Description
If the credentials password used for a TAXII ingester contains ":", the platform deletes the end of the password (i.e. the ":" and all that follows).
Environment
OCTI 6.0.7
Reproducible Steps
Steps to create the smallest reproducible scenario: