Issue/Introduction:
Prior to Spectrum 10.4.1, users have been able to update the password of a Spectrum user via REST API with the following call:
http://<HOSTNAME>:<PORT>/spectrum/restful/model/<USER_MH>?attr=0x11f9a&val=9D.1.0.25.43.1.0.6.0.0.0.20.0.0.0.66.53.dc.e9.54.65.03.de.c7.1e.3c.9c.10.a8.de.0f.72.5e.25.f0.18.07.d3.0d.df.e2.1c.fe.26.79.c4.80
You will notice that the value of the password had to be encrypted in order for the call to be successful. The above call will actually set the password to: 123_abc_
Starting in Spectrum 10.4.1 and above, if you run the same call, the password will now be set to:
9D.1.0.25.43.1.0.6.0.0.0.20.0.0.0.66.53.dc.e9.54.65.03.de.c7.1e.3c.9c.10.a8.de.0f.72.5e.25.f0.18.07.d3.0d.df.e2.1c.fe.26.79.c4.80
Environment:
Release : 10.4.1 & 10.4.2
Component : Spectrum Applications
Resolution:
Due to feedback from customers, Spectrum will now only take the clear text password in the REST API call and will not longer require it to be encrypted. Once the password is updated, Spectrum will then encrypt the password and store it within the Spectrum database. This is functioning as designed going forward.
Additional Information:
Spectrum uses SHA256 for password encryption.
Here is an example creating a hashed password of "TEST" to be used as a Spectrum user password:
TEST:
94EE059335E587E501CC4BF90613E0814F00A7B08BC7C648FD865A2AF6A22CC2
SPECTRUM USES A FIXED VALUE WHICH IS PLACED IN FRONT OF THE ENCRYPTED PASSWORD FOR INTERNAL PROCESSING:
9D.1.0.25.43.1.0.6.0.0.0.20.0.0.0
AND A dot is required every two characters so the final password for TEST would be:
9D.1.0.25.43.1.0.6.0.0.0.20.0.0.0.94.EE.05.93.35.E5.87.E5.01.CC.4B.F9.06.13.E0.81.4F.00.A7.B0.8B.C7.C6.48.FD.86.5A.2A.F6.A2.2C.C2
SHA256 Hash Generator