"No PasswordEncoder mapped" in CIS-CAT Pro Dashboard v3

Product Name

CIS-CAT Pro Dashboard

Product Version

v3.xx

Date

Nov 13, 2024

Problem

After resetting a user password in CIS-CAT Pro Dashboard v3 via MariaDB SQL transactions, the following error is displayed upon signing in with a local account:

The (Dashboard directory)/logs/ccpdlogs/ciscatpro.log file contains the following entry corresponding to the sign-in attempt timeframe:

java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "<id>"

Where <id> will either be a numeric value or null.

Solution

This error results from one (or more) password records in the ccpd.user database missing their required encryption tag. CIS-CAT Pro Dashboard uses the bcrypt algorithm to securely store password hashes, the identifier for which needs to be part of the string.

Log into MariaDB on the Dashboard host server in an administrative cmd.exe prompt (Windows) or terminal session (Linux):

mariadb -u root -p

You can then view the user table in the Dashboard database using the following query
(\G will display the data in row format instead of as a table):

SELECT * FROM ccpd.user\G;

Valid entry for the admin user with ID 1:

Invalid entry where the password string is missing the {bcrypt} tag:

To remedy this, reset the affected user password to the system default of @admin123, including the required {bcrypt} string with the following provided hash value:

Replace where username = 'admin'; in this query with the relevant username, or use where id = 1; to match the record by its ID from the initial error message.

You can then sign into the Dashboard account with its username and the temporary password @admin123, which will prompt for a credential change following a successful login.

Keywords; Dashboard PasswordEncoder

Content by Label

Page:

Feature Enhancement Requests for CIS Products

Center for Internet Security®

Privacy Policy