Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Agent register wizard doesn't handle properly special characters in password #5493

Closed
Tracked by #4205
asteriscos opened this issue May 24, 2023 · 1 comment · Fixed by #5738
Closed
Tracked by #4205

Agent register wizard doesn't handle properly special characters in password #5493

asteriscos opened this issue May 24, 2023 · 1 comment · Fixed by #5738
Assignees
@Machi3mfl @jbiset
Labels
level/task Task issue type/bug Bug issue

Comments

@asteriscos
Copy link
Member

asteriscos commented May 24, 2023
edited
Loading

Wazuh Elastic Rev Security
4.2 7.x 4xxx Basic, ODFE, Xpack
Browser
Chrome, Firefox, Safari, etc

Description
The password input in the Agent register wizard doesn't validate or handle special characters like single or double quotes for every operating system.

Preconditions

  1. Set use_password to true in the manager configuration

Screenshots
Screenshot from 2023-05-24 19-13-28
Screenshot from 2023-05-24 19-13-15

Additional context
Add any other context about the problem here. Here you can paste log entries too or any other useful information that may help with the issue.
@asteriscos asteriscos mentioned this issue May 24, 2023
Closed
29 tasks
@asteriscos asteriscos added level/task Task issue type/bug Bug issue labels May 24, 2023
@wazuhci wazuhci moved this to Backlog in Release 4.7.0 Jul 11, 2023
@Machi3mfl Machi3mfl self-assigned this Jul 17, 2023
@wazuhci wazuhci moved this from Backlog to In progress in Release 4.7.0 Jul 17, 2023
@wazuhci wazuhci moved this from In progress to On hold in Release 4.7.0 Jul 18, 2023
@wazuhci wazuhci moved this from On hold to In progress in Release 4.7.0 Jul 24, 2023
@Machi3mfl Machi3mfl mentioned this issue Jul 26, 2023
Merged
6 tasks
@Machi3mfl Machi3mfl linked a pull request Jul 26, 2023 that will close this issue
[Redesign add page] Agent register wizard handle properly special characters in password #5738
Merged
6 tasks
@wazuhci wazuhci moved this from In progress to Pending review in Release 4.7.0 Jul 31, 2023
@wazuhci wazuhci moved this from Pending review to Blocked in Release 4.7.0 Jul 31, 2023
@wazuhci wazuhci moved this from Blocked to Pending review in Release 4.7.0 Aug 4, 2023
@wazuhci wazuhci moved this from Pending review to In review in Release 4.7.0 Aug 4, 2023
@Machi3mfl
Copy link
Member

Testing enrollment comments

curl -so wazuh-agent.pkg https://packages.wazuh.com/4.x/macos/wazuh-agent-4.7.0-1.intel64.pkg && echo -e "WAZUH_MANAGER='192.168.0.19'\nWAZUH_AGENT_GROUP='default'\nWAZUH_AGENT_NAME='test-name'\nWAZUH_REGISTRATION_PASSWORD='password\"with\"doubleq\\'usds\\\"es'\n" > /tmp/wazuh_envs && sudo installer -pkg ./wazuh-agent.pkg -target /
  • check when running the enrollment command and if the authd.pass agent file is created with correct password

Possible Solution

echo -e "WAZUH_MANAGER='192.168.0.19'\nWAZUH_AGENT_GROUP='default'\nWAZUH_AGENT_NAME='test-name'\nWAZUH_REGISTRATION_PASSWORD=$'password\"with\"doubleq\\'usds\\\"es'\n" > /tmp/wazuh_envs && sudo installer -pkg ./wazuh-agent.pkg -target /
  • Using Check to add $ character in parameters definitions. (on macOS, Linux)
  • Possible ' scaping '"'"'

And check the test E2E

@wazuhci wazuhci moved this from In review to In progress in Release 4.7.0 Aug 7, 2023
@wazuhci wazuhci moved this from In progress to In review in Release 4.7.0 Aug 7, 2023
@wazuhci wazuhci moved this from In review to In progress in Release 4.7.0 Aug 8, 2023
@wazuhci wazuhci moved this from In progress to Pending review in Release 4.7.0 Aug 9, 2023
@wazuhci wazuhci moved this from Pending review to Done in Release 4.7.0 Aug 9, 2023
@Tostti Tostti mentioned this issue Oct 12, 2023
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Machi3mfl Machi3mfl

@jbiset jbiset

Labels
level/task Task issue type/bug Bug issue
Projects
No open projects
Release 4.7.0
Status: Done
Milestone
No milestone
3 participants
@Machi3mfl @asteriscos @jbiset