$VPN_PASSWORD$ no longer works with 13.6.7.0
I use a custom script for my vpn connection and have been using $VPN_PASSWORD$ with the Allow password in variable option checked. It no longer passes the password value instead sending "$VPN_PASSWORD$" I am assuming it is related to this change.
* Fixed a possible security issue with the $PASSWORD$ variable by taking the "allow password variable" value and the resolved credentials
Am I missing a new option/feature in the new version, or is there a possible workaround for this?
Thanks.
David
All Comments (8)
Hello,
If I understand correctly, this issue only occurred after checking "Allow Password in variable" ? Do you have the same issue if you uncheck it?
Also, could you please tell me what type of Data Source are you currently using?
During that time, I will try to reproduce this issue in my environment.
Best regards,
James Lafleur
James,
The issue occurred when upgrading to 13.6.7.0, I had "Allow Password in Variable" checked previously. I did just try without it check and it passes "$VPN_PASSWORD$" instead of the value, just like when it is checked.
For the data source I'm assuming you mean for the password, I am using keepass credential repository with the add-on.
Thanks.
David
Hello,
For the entry you're having issues with, can you describe more what it's set up like? Specifically, do you use the credential repository (or inherited credentials) in the main section of the entry, and does that linked credential have the "allow password variable" option checked?
Regards,
Hubert Mireault
Hubert,
I have a site folder that has the VPN setup and the hosts are set to inherit. The hosts have the allow password variable option checked.
Type is Custom
Credentials is repository (using keepass)
Executable is a batch file (currently using echo %* and then pause for testing to see what is being passed)
Opening argument is $VPN_PASSWORD$
The linked credential did not have the option for allow password variable, was not aware that was there, only knew about the one on the host security options. Just checked it and appears to have made no difference in the password variable being passed.
Let me know if you need any additional information.
Thanks.
David
Hello David,
I tried to recreate your setup and just to confirm, it's the following: A Site folder where in the VPN tab, there is a custom VPN. This custom VPN uses a linked credential entry and makes use of the $VPN_PASSWORD$ variable.
So I reproduced this setup and to make it work, you need to enable the "allow password variable" both on the Site folder as well as on the linked credential entry. With this the variable is properly resolved for me. Could you confirm?
If it isn't resolved I think it would be helpful if you could make an export (without any sensitive information) of your entries so we can make sure our setup is the same as yours.
Regards,
Hubert Mireault
Hubert,
I don't see the option for allow password variable on the site folder. I see it on the host entries and on the linked credential. Attached an image of what I see on the site folder when looking at the security section where I would find the option on a host.
Thanks.
David
Ah, I believe I mixed myself up. You shouldn't need to check anything on the Site entry, the box indeed isn't there. Just with the checked box in the credential as well as the host, it works for me.
Regards,
Hubert Mireault
Hubert,
I could have sworn I changed that yesterday, but just enabled it on the linked credential and it worked. Thanks for your help with this.
David