CA Directory - dxsearch/dxmodify encrypt clear text password
search cancel

CA Directory - dxsearch/dxmodify encrypt clear text password


Article ID: 251964


Updated On:


CA Directory


The current situation we see today is that the audit events in windows event viewer is exposing bind passwords for dxtools operation in our scripts including dxsearch and dxmodify. 


New Process Name: D:\CA\Directory\dxserver\bin\dxmodify.exe
Process Command Line: dxmodify  -h localhost -p port -D "uid=DirectoryAdmin,ou=Admins,o=broadcom,c=US" -w "exposed-plain-text-password"

This is happening using both dxsearch and dxmodify. 

Is it possible to not expose the password in the command?


Release : 14.1


Due to Ldapsearch restrictions, the bind password must be in clear-text but to maybe help you with your issue with the password showing up within event viewer you can try performing the below steps.

1) Create a file that contains the clear-text password.

2) Modify your code to use the -y command. This will have the dxmodify use the password in your file and your event viewer will most likely not show your plain text file.


dxsearch -b o=broadcom,c=US -D uid=DirectoryAdmin,ou=Admins,o=broadcom,c=US -y "C:\bind.txt" -h Hostname:19389 

bind.txt contents:

Please test this locally and let me know if it remediates the vulnerability of the password being in clear-text within the event viewer.