Password obfuscation using UCYBCRYP.EXE was designed to be able to use passwords in configuration files, without exposing the password as plain text.
What is important to understand is that this is obfuscation and not strong encryption, as indicated in the Automic documentation.
The obfuscated string is merely a different representation of the same password and therefore is accepted as valid password when used for REST API, Java API and access to AWI.
The 'AWI Access Control' does not prevent authentication (you can still log in to AWI), but does affect authorization by restricting what a particular user can or cannot access.
------------------------------
Kaj Wierda
Sr. Product Line Manager | Automation
Broadcom Software
------------------------------
Original Message:
Sent: Apr 19, 2024 01:06 AM
From: Sivaprasad PR
Subject: AWI login with crypted password
Hello Community,
I just noticed that the awi accepts encrypted passwords for login if given without the preceding '--'. Is this the intended behavior? Or is it a feature?
If it's a feature, can anyone suggest how to disable it.
If it's not, doesn't it defeat the purpose? because we store AE user passwords crypted by ucybcryp.exe in plain text files for using java/callapi integrations.
NB: I am working with AE version 12.3.9 - Not sure if it has been fixed in a later version ;)
------------------------------
Siva
------------------------------