Spectrum User Creation via REST API Password Encryption

Article ID: 195350

Products

CA Spectrum

Issue/Introduction

Prior to Spectrum 10.4.1, users were able to update the password of a Spectrum user via the REST API with the following call:

http://<HOSTNAME>:<PORT>/spectrum/restful/model/<USER_MH>?attr=0x11f9a&val=9D.1.0.25.43.1.0.6.0.0.0.20.0.0.0.66.53.dc.e9.54.65.03.de.c7.1e.3c.9c.10.a8.de.0f.72.5e.25.f0.18.07.d3.0d.df.e2.1c.fe.26.79.c4.80
 
You will notice that the value of the password had to be encrypted in order for the call to be successful. The above call will actually set the password to: 123_abc_

Starting in Spectrum 10.4.1, if you run the same call, the password will instead be set to the value exactly as it was sent:
 
9D.1.0.25.43.1.0.6.0.0.0.20.0.0.0.66.53.dc.e9.54.65.03.de.c7.1e.3c.9c.10.a8.de.0f.72.5e.25.f0.18.07.d3.0d.df.e2.1c.fe.26.79.c4.80

Environment

Release : 10.4.1 & 10.4.2

Component : Spectrum Applications

Resolution

Due to feedback from customers, Spectrum will now only take the clear text password in the REST API call and will no longer require it to be encrypted. Once the password is updated, Spectrum will then encrypt the password and store it within the Spectrum database. This is functioning as designed going forward.

Additional Information

Spectrum uses SHA256 for password encryption. SHA256 is a one-way hash function, so the "encrypted" value is a hash of the password.

Here is an example creating a hashed password of "TEST" to be used as a Spectrum user password:

TEST:
94EE059335E587E501CC4BF90613E0814F00A7B08BC7C648FD865A2AF6A22CC2

Spectrum uses a fixed value, placed in front of the encrypted password, for internal processing:

9D.1.0.25.43.1.0.6.0.0.0.20.0.0.0

A dot is also required every two characters, so the final password for TEST would be:

9D.1.0.25.43.1.0.6.0.0.0.20.0.0.0.94.EE.05.93.35.E5.87.E5.01.CC.4B.F9.06.13.E0.81.4F.00.A7.B0.8B.C7.C6.48.FD.86.5A.2A.F6.A2.2C.C2

SHA256 Hash Generator
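
The recipe above (SHA256, fixed prefix, a dot every two characters) and the 10.4.1 behaviour change, as an added example that is not Spectrum's or the vendor's own code. The function names are hypothetical, and hashing the password as unsalted UTF-8 bytes is an assumption.

```python
import hashlib
import re

# Fixed prefix quoted in the article.
SPECTRUM_PREFIX = "9D.1.0.25.43.1.0.6.0.0.0.20.0.0.0"

# Prefix followed by 32 dot-separated hex bytes (one SHA256 digest).
_LEGACY_RE = re.compile(re.escape(SPECTRUM_PREFIX) + r"(?:\.[0-9A-Fa-f]{2}){32}")


def dot_hex(hex_digest):
    """Insert a dot every two hex characters, as the article describes."""
    if len(hex_digest) % 2 or not re.fullmatch(r"[0-9A-Fa-f]*", hex_digest):
        raise ValueError("expected an even-length hex string")
    return ".".join(hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2))


def legacy_value(password, encoding="utf-8"):
    """Pre-10.4.1 form: prefix + dotted SHA256 of the password.

    Assumption: the password is hashed as UTF-8 bytes with no salt.
    """
    digest = hashlib.sha256(password.encode(encoding)).hexdigest().upper()
    return SPECTRUM_PREFIX + "." + dot_hex(digest)


def looks_like_legacy_value(val):
    """True if val has the shape of an already-encoded legacy password."""
    return _LEGACY_RE.fullmatch(val) is not None


def value_for_release(password, release):
    """Return the string to send as val= for a release tuple, e.g. (10, 4, 1).

    10.4.1 and later take the clear text; earlier releases take the encoded
    form. An already-encoded input is rejected so that a script written for
    the old behaviour cannot set the password to the dotted string itself.
    """
    if looks_like_legacy_value(password):
        raise ValueError("value is already in the legacy encoded form")
    return password if tuple(release) >= (10, 4, 1) else legacy_value(password)


if __name__ == "__main__":
    print(legacy_value("TEST"))
    print(value_for_release("123_abc_", (10, 4, 2)))
```

On 10.4.1 and later the val= parameter carries the clear text password in the request URL, so the call should go over TLS and the query string should be kept out of proxy and access logs.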