Product Name

CIS-CAT Pro Dashboard

Product Version

v3.xx

Date



Problem

After manually resetting a user password in CIS-CAT Pro Dashboard v3 via MariaDB SQL transactions, the following error is displayed in the web browser upon signing in with a local user account:

Additionally, the (Dashboard directory)/logs/ccpdlogs/ciscatpro.log file contains the following entry corresponding to the sign-in attempt timeframe:

Code Block
java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "<id>"

Where <id> will either be a numeric value or null.

Solution

This error results from one (or more) password records in the ccpd.user database missing their required identifier tag. CIS-CAT Pro Dashboard uses the bcrypt algorithm to securely store password hashes, and the {bcrypt} identifier needs to be part of the password string.

Log into MariaDB on the Dashboard host server in an administrative cmd.exe prompt (Windows) or terminal session (Linux):

Code Block
mariadb -u root -p

You can then view the user table in the Dashboard database using the following query
(\G will display the data in row format instead of as a table):

Code Block
SELECT * FROM ccpd.user\G

Valid entry for the admin user with ID 1:

db_pw_correct.png

Invalid entry where the password string is missing the {bcrypt} tag:

db_pw_incorrect.png

To remedy this, re-run the steps to reset the affected user password to the system default of @admin123, including the required {bcrypt} string with the following provided hash value:

Code Block
update ccpd.user set password = '{bcrypt}$2a$10$a3q/yfSXin0JSzamE10vE.S1GWEPhINZEhNKBGoveS3DSQTF2r4vW' where username = 'admin';

Replace where username = 'admin'; in this query with the relevant username, or use where id = 1; to match the record by its ID from the initial error message.

You can then sign into the Dashboard account with its username and the temporary password @admin123, which will prompt for a credential change following a successful login.
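
To find every affected record in one pass without printing the stored hashes, a read-only query such as the following can be run in the same MariaDB session. This is an added example, not part of the original article; it assumes the id, username and password columns referenced above and that a valid entry is the {bcrypt} tag followed by a 60-character $2a$/$2b$/$2y$ bcrypt string.

```sql
-- Added example: read-only audit of stored password strings.
-- Assumes the id, username and password columns referenced in this article.
-- The hash itself is never selected, so it does not end up in terminal scrollback.
SELECT
    id,
    username,
    CASE
        WHEN password IS NULL OR password = ''
            THEN 'no password stored'
        WHEN password NOT LIKE '{%}%'
            THEN 'missing {id} tag'
        WHEN password NOT LIKE '{bcrypt}%'
            THEN 'tag present but not {bcrypt}'
        -- Bracket classes ([{], [$]) avoid backslash escaping in the pattern.
        -- Expected shape: {bcrypt}$2a$<2-digit cost>$<53 chars of ./A-Za-z0-9>
        WHEN password NOT REGEXP
             '^[{]bcrypt[}][$]2[aby][$][0-9]{2}[$][./A-Za-z0-9]{53}$'
            THEN 'malformed bcrypt hash'
        ELSE 'ok'
    END AS password_format
FROM ccpd.user
ORDER BY id;
```

Any row not reported as ok is a candidate for the reset described above.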

Keywords: Dashboard PasswordEncoder


Copyright © 2024

Center for Internet Security®



Action

Name(s)

Date

Linked ticket

SUPPORT-38341

Created by

Allan Cornwell

Reviewed by

https://cisecurity.atlassian.net/people/team/fdddccb7-3c69-4a0e-8ca9-3bf1dccd8ed3 (Amanda McGown Allan Cornwell Andrew Dannenberger Nick Romanzo )

Approved by

Team

Remove by