Knowledge base article KB224476 documents a bug (AE-26648) fixed in 12.3.6 HF2. The problem is that the Automation Engine uses an undocumented password based on the UTC timestamp to control its own processes via the Service Manager. Someone with knowledge of the format of this password could also control the AE Server processes.
The format of the timestamp-based password is described with a Windows PowerShell example:
$((Get-Date).ToUniversalTime().ToString("yyyMMdd$([char]0x01)HHmmss"))
I was able to reproduce the described behavior. Below is a summary of my tests. All tests were conducted using UCYBSMCL.EXE on a Windows VM.
| Service Manager version | TLS 1.2 secured | Hosted service & version | Timestamp-based password accepted |
|---|---|---|---|
| 12.3.6 | ✘ | Automation Engine 12.3.6 | ✔ |
| 12.3.6 | ✔ | Automation Engine 12.3.6 | ✔ |
| 12.3.6 | ✘ | Automation Engine 12.3.6 HF3 | ✔ |
| 12.3.6 | ✔ | Automation Engine 12.3.6 HF3 | ✔ |
| 12.3.6 HF2 | ✘ | Automation Engine 12.3.6 | ✘ |
| 12.3.6 HF2 | ✔ | Automation Engine 12.3.6 | ✘ |
| 12.3.6 HF2 | ✘ | Automation Engine 12.3.6 HF3 | ✘ |
| 12.3.6 HF2 | ✔ | Automation Engine 12.3.6 HF3 | ✘ |
| 12.3.6 | ✘ | UNIX Agent 12.3.6 | ✔ |
| 12.3.6 | ✔ | UNIX Agent 12.3.6 | ✔ |
| 12.3.6 | ✘ | UNIX Agent 12.3.6 HF3 | ✔ |
| 12.3.6 | ✔ | UNIX Agent 12.3.6 HF3 | ✔ |
| 12.3.6 HF2 | ✘ | UNIX Agent 12.3.6 | ✘ |
| 12.3.6 HF2 | ✔ | UNIX Agent 12.3.6 | ✘ |
| 12.3.6 HF2 | ✘ | UNIX Agent 12.3.6 HF3 | ✘ |
| 12.3.6 HF2 | ✔ | UNIX Agent 12.3.6 HF3 | ✘ |
The fix for AE-26648 in 12.3.6 HF2 definitely changes the behavior. Under the fix description, the only changed component listed is the Automation Engine. It seems obvious from the above results, however, that the only thing that matters is whether the Service Manager has been updated to 12.3.6 HF2.
Whether TLS is enabled, and whether the hosted service (AE or Agent) has also been updated, appear to be irrelevant to whether the timestamp-based password is accepted. (In an earlier revision of this post, I reported that in one scenario even the updated 12.3.6 HF2 Service Manager accepted the timestamp-based password. This was incorrect.)
It also seems clear that both the AE Server and the Service Manager would have to be updated to change the behavior without breaking things. I have not tested yet in what configurations it is possible to use the Automation Engine sheet of the Administration perspective in the Automic Web Interface to stop & start AE Server processes.
Perhaps the updated Automation Engine uses a different undocumented internal password that is harder to guess. Perhaps the Automation Engine uses its back-channel to the Service Manager (specified via the -svc command line option for the CP & WP). In any event, I get the impression that 12.3.6 HF2 represents only the first part of what will eventually be a more thorough fix.
One can also reproduce the behavior using the ucybsmcl binary on Linux:
"$(date -u +%Y%m%d)$(printf '\x01')$(date -u +%H%M%S)"
In ASCII, \x01 is the SOH (Start of Header) character. Thanks to @Ivan Barumov, who discovered how to get it working on Linux.
Any additional information would be appreciated.