Special Chars may break Encrypted Login

If you have questions or if you want to share your opinion about Aware IM post your message on this forum
Post Reply
Jaymer
Posts: 2430
Joined: Tue Jan 13, 2015 10:58 am
Location: Tampa, FL
Contact:

Special Chars may break Encrypted Login

Post by Jaymer »

I was doing some testing on generating random passwords, and emailing an encrypted link to the user.
I've done this before, but this was a new system and I was doing rigorous testing.
All of a sudden, 2 of 3 links would not login.

I used this: RegularUser.PasswordGenerated = GENERATE_PWD(8,15,2,3,2)
to gen the PW
Screen Shot 2019-06-05 at 12.59.09 AM.png
Screen Shot 2019-06-05 at 12.59.09 AM.png (21.1 KiB) Viewed 3064 times
You can see from this Tomcat log, that the password was cut off after the Pipe symbol (or before the &)
and thus would not allow login.
I ALMOST released this for use tomorrow and I had already sent 10+ emails that worked fine.
Some combination of chars broke the incoming parse.
I just set the 5th parm to 0 for No Special Characters - someone's not gonna hack gibberish anyway, regardless of if it has special characters or not.

buyer beware
jaymer...
Click Here to see a collection of my tips & hacks on this forum. Or search for "JaymerTip" in the search bar at the top.

Jaymer
Aware Programming & Consulting - Tampa FL
kklosson
Posts: 1617
Joined: Sun Nov 23, 2008 3:19 pm
Location: Virginia

Re: Special Chars may break Encrypted Login

Post by kklosson »

I have experienced this as well and identified it as an issue. I switched to passwords with no special characters. Not sure, but I think I have had a couple of failers there as well.
V8.8
MySQL, AWS EC2, S3
PDFtk Toolkit
Post Reply