A security pentest performed on Spectrum 24.3.9 raised the point that vbroker.security.wallet.password is stored as clear text in the $SPECROOT/tomcat/webapps/spectrum/META-INF/context.xml file and is also visible on the OneClick Administration --> SPECTRUM Configuration page.
DX NetOps Spectrum: Any version
Use the encode functionality of CryptoWrapper Utility to obfuscate the vbroker.security.wallet.password.
Here are the steps to follow:
1) ./CryptoWrapper encode 'clear password' (without quotes)
It gives the encoded value like: OBF:1q5c18qq1pbk1idn1nzj19501ik01rwf1ioe194q1nwv1igj1pce18qk1q3i
2) Now replace 'clear password' with OBF:1q5c18qq1pbk1idn1nzj19501ik01rwf1ioe194q1nwv1igj1pce18qk1q3i in $SPECROOT/tomcat/webapps/spectrum/META-INF/context.xml file and save the file.
3) Restart the tomcat service.
4) Now check Administration Page --> Spectrum Configuration --> ORB Properties; the password will be shown obfuscated.
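
The same check as step 4 can be made against the file itself. The script below is an added example, not part of the original article or a Broadcom tool: it reports whether the property value in context.xml carries the OBF: prefix, without printing the value. The function names and the single-line name="..." value="..." element layout are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: report how vbroker.security.wallet.password is stored.
# Assumption: the property sits on one line as name="..." value="...";
# adjust the patterns if your context.xml is laid out differently.

PROP='vbroker.security.wallet.password'

# Prints one of: obfuscated | cleartext | empty | missing.
# The value itself is never written to the terminal or to a log.
wallet_password_state() {
    file=$1
    [ -r "$file" ] || { echo "missing"; return 2; }
    line=$(grep -F "name=\"$PROP\"" "$file" | head -n 1)
    [ -n "$line" ] || { echo "missing"; return 2; }
    value=$(printf '%s\n' "$line" | sed -n 's/.*value="\([^"]*\)".*/\1/p')
    case $value in
        OBF:?*) echo "obfuscated"; return 0 ;;
        '')     echo "empty";      return 1 ;;
        *)      echo "cleartext";  return 1 ;;
    esac
}

# Builds a constructed context.xml holding the given value and prints its path.
# The <Parameter> element name is hypothetical, used only for this sample.
make_sample() {
    f=$(mktemp)
    printf '<Context>\n  <Parameter name="%s" value="%s"/>\n</Context>\n' \
        "$PROP" "$1" > "$f"
    echo "$f"
}

# Constructed before/after files using the values shown in steps 1 and 2.
before=$(make_sample 'clear password')
after=$(make_sample 'OBF:1q5c18qq1pbk1idn1nzj19501ik01rwf1ioe194q1nwv1igj1pce18qk1q3i')
echo "before step 2: $(wallet_password_state "$before")"
echo "after step 2:  $(wallet_password_state "$after")"
rm -f "$before" "$after"

# On a real server:
#   wallet_password_state "$SPECROOT/tomcat/webapps/spectrum/META-INF/context.xml"
```

The function's exit status is 0 only for the obfuscated case, so it can gate a post-change check after step 3.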