Solved

ITSM/ITOM Password encryption vulnerability

  • 29 August 2022

Hello Techs,

We have a requirement where the ITOM agent password should be in an encrypted format and should not be visible by any means.

Encryption of the password is to be enabled across the entire installation process. The reason being, the server does not currently have the password in an encrypted format, which is indeed a vulnerability by all means and has been picked up by the Cyber Security folks.

We need the password to be in encrypted format in order for us to make sure it does not show up anywhere while the entire process takes place.


Best answer by ScottBain 29 August 2022, 11:27


Hello Mohammad Ahtesham,

 

This post refers specifically to the agent installation process.

 

We have been investigating the reported issue. We can confirm the following:

 

  1. The passwords are only visible during the installation of the agent on the end device.
  2. The passwords are not visible while being transferred to the device.
  3. The passwords are not visible on the network once the agent has been installed and is communicating with the server.

 

 

This needs to be raised as an idea rather than as a question so that the appropriate teams can address it.

 

Please use the link below:

 

https://community.ifs.com/ideas

 

 

Kind regards,

Scott


Hi Scott,

I have raised an idea; please can you suggest how we can fix the issue.


Hello Mohammad Ahtesham,

 

This is being progressed via “Ideas” which are reviewed and actioned by Product Management. The current functionality is by design and requires changes at a product level.

 

Kind regards,

Scott
