AutoSys Workload Automation

  • Private Community
 View Only

  • 1.  Password encrypted logged

    Posted Aug 24, 2017 11:48 AM

    Hi everyone,

    i have a cawa de 11.3.3 server implemented and i have an important security issue which ones are the cawa client is writting the user password encrypted in the internal_trace.txt file log, and the other one is the same problem but i dont know if it is in server log oe agent log, just i have a screenshot from it.

     

    do you know how i could set off those in the logs?

     

    thanks

    isaac 



  • 2.  Re: Password encrypted logged
    Best Answer

    Broadcom Employee
    Posted Aug 24, 2017 12:44 PM

    Hi Isaac,

     

    Since the password is being displayed encrypted, why do you think it is a security breach? I understand as a security breach if the password was being displayed in clear text...



  • 3.  Re: Password encrypted logged

    Posted Aug 25, 2017 07:47 AM

    Hi Leandro,
    My client was audited for USA company, and one of the rules is the passwords must not display them in files. In this case is in a workstation, so it is not compliance.

    Do you know how set off this?

     

    Thanks



  • 4.  Re: Password encrypted logged

    Broadcom Employee
    Posted Aug 25, 2017 02:20 PM

    Hi,

    As mentioned earlier by Leandro, this is encrypted form.  Please be advised that this is not the password itself.  Encrypted password are routinely written and sent over the net by many applications.  The encrypted form cannot be used as password itself.  

    Also, CA WA DE does not store any passwords in clear text format.  They are all stored or written in encrypted form.  

     

    Thank you,

     

    Nitin Pande

    CA Technologies



  • 5.  Re: Password encrypted logged

    Posted Aug 27, 2017 10:24 PM

    Thanks for your response. Then, does not exists any way to turn off this kind of message in the log?

     

    Thanks,

    Isaac