Spectrum User Creation via REST API Password Encryption
Article ID: 195350
Updated On: 10-31-2023
Products
Issue/Introduction
http://<HOSTNAME>:<PORT>/spectrum/restful/model/<USER_MH>?attr=0x11f9a&val=9D.1.0.25.43.1.0.6.0.0.0.20.0.0.0.66.53.dc.e9.54.65.03.de.c7.1e.3c.9c.10.a8.de.0f.72.5e.25.f0.18.07.d3.0d.df.e2.1c.fe.26.79.c4.80
Starting in Spectrum 10.4.1 and above, if you run the same call, the password will now be set to:
Environment
Release : 10.4.1 & 10.4.2
Component : Spectrum Applications
Resolution
Due to feedback from customers, Spectrum will now only take the clear text password in the REST API call and will not longer require it to be encrypted. Once the password is updated, Spectrum will then encrypt the password and store it within the Spectrum database. This is functioning as designed going forward.
Additional Information
Spectrum uses SHA256 for user password encryption (The NCM_Enable_Password and NCM_Password attributes are encrypted in AES256.)
TEST:
94EE059335E587E501CC4BF90613E0814F00A7B08BC7C648FD865A2AF6A22CC2
SPECTRUM USES A FIXED VALUE WHICH IS PLACED IN FRONT OF THE ENCRYPTED PASSWORD FOR INTERNAL PROCESSING:
9D.1.0.25.43.1.0.6.0.0.0.20.0.0.0
AND A dot is required every two characters so the final password for TEST would be:
9D.1.0.25.43.1.0.6.0.0.0.20.0.0.0.94.EE.05.93.35.E5.87.E5.01.CC.4B.F9.06.13.E0.81.4F.00.A7.B0.8B.C7.C6.48.FD.86.5A.2A.F6.A2.2C.C2
Feedback
