Symantec Privileged Access Management

Hi there folks

Has anyone had success connecting via transparent login from PAM to Oracle SQL Developer
We have used this knowledge base article but ran into the issue below

[Environment]
PAM 3.2.4.64
Oracle SQL Developer 17.4.0.355 (build 355.2349)

[Problem Description]
Customer is using an RDP Application with Transparent Login to access Oracle SQL Developer and they have detected the following problem:
At the moment the application is starting and the transparent login injects the credentials, if the end user moves the mouse and clicks on a visible entry field, just before the password is injected, then the password is written in the wrong field and is visible to the user.

[Business impact]
A security breach that may compromise the integrity of the database as it could be accessed from outside PAM.

[Troubleshooting]
The transparent login was written using mouseclicks instead of using the window controls, as they were not recognized by the control viewer during learn mode.


Is there a better way of doing this?
Appreciation in advance 

Roan

Hello Roan, Did you try using the "Freeze Input" option documented on page https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3-1/implementing/configure-policies-to-provision-user-access-to-devices-and-applications/configure-devices/setting-up-transparent-login/set-up-transparent-login-for-rdp-servers/configure-windows-transparent-login.html?

Keyboard void icon	Freeze Input	Allows insertion of a tag that disables user input (keyboard and mouse events) while a Transparent Login script is running. Freeze Input can prevent re-injection of the user password when using multiple browser tabs. This example freezes user input for 10 seconds.  Note:  Place this statement at the beginning of your script.
		Example:   <inputfreeze action="enable"/>                   <sleep time="10000"/>                                   <inputfreeze action="disable"/>

Original Message:
Sent: 02-18-2020 05:05 AM
From: Roan Linde
Subject: PAM to Oracle SQL Developer Transparent Login

Hi there folks

Has anyone had success connecting via transparent login from PAM to Oracle SQL Developer
We have used this knowledge base article but ran into the issue below

[Environment]
PAM 3.2.4.64
Oracle SQL Developer 17.4.0.355 (build 355.2349)

[Problem Description]
Customer is using an RDP Application with Transparent Login to access Oracle SQL Developer and they have detected the following problem:
At the moment the application is starting and the transparent login injects the credentials, if the end user moves the mouse and clicks on a visible entry field, just before the password is injected, then the password is written in the wrong field and is visible to the user.

[Business impact]
A security breach that may compromise the integrity of the database as it could be accessed from outside PAM.

[Troubleshooting]
The transparent login was written using mouseclicks instead of using the window controls, as they were not recognized by the control viewer during learn mode.


Is there a better way of doing this?
Appreciation in advance

Roan

Ralf, this is EXACTLY what I was looking for. You are the best. 
The client is currently testing this, but so far it looks like it sorted out the issue

Many thanks

Roan

Original Message:
Sent: 02-19-2020 04:53 PM
From: Ralf Prigl
Subject: PAM to Oracle SQL Developer Transparent Login

Hello Roan, Did you try using the "Freeze Input" option documented on page https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3-1/implementing/configure-policies-to-provision-user-access-to-devices-and-applications/configure-devices/setting-up-transparent-login/set-up-transparent-login-for-rdp-servers/configure-windows-transparent-login.html?

Keyboard void icon	Freeze Input	Allows insertion of a tag that disables user input (keyboard and mouse events) while a Transparent Login script is running. Freeze Input can prevent re-injection of the user password when using multiple browser tabs. This example freezes user input for 10 seconds.  Note:  Place this statement at the beginning of your script.
		Example:   <inputfreeze action="enable"/>                   <sleep time="10000"/>                                   <inputfreeze action="disable"/>

Original Message:
Sent: 02-18-2020 05:05 AM
From: Roan Linde
Subject: PAM to Oracle SQL Developer Transparent Login

Hi there folks

Has anyone had success connecting via transparent login from PAM to Oracle SQL Developer
We have used this knowledge base article but ran into the issue below

[Environment]
PAM 3.2.4.64
Oracle SQL Developer 17.4.0.355 (build 355.2349)

[Problem Description]
Customer is using an RDP Application with Transparent Login to access Oracle SQL Developer and they have detected the following problem:
At the moment the application is starting and the transparent login injects the credentials, if the end user moves the mouse and clicks on a visible entry field, just before the password is injected, then the password is written in the wrong field and is visible to the user.

[Business impact]
A security breach that may compromise the integrity of the database as it could be accessed from outside PAM.

[Troubleshooting]
The transparent login was written using mouseclicks instead of using the window controls, as they were not recognized by the control viewer during learn mode.


Is there a better way of doing this?
Appreciation in advance

Roan