Security

After upgrading to Splunk 6.2, why can I no longer log in using Chrome and KeePass with saved credentials?

jmsiegma
Path Finder

After I upgraded from 6.1.3 to 6.2, my Splunk login page no longer allows me to log in using chrome + keepass.

What happens is, the username and password are retrieved from keepass, and inserted into the login screen, but it returns the error "Invalid username or password."

Looking under the covers it seems that although the web page shows the proper credentials being populated, when I performed a packet capture and looked inside it actually does not send the username or password values, as below:

POST /en-US/account/login HTTP/1.1 cval=2021369897&username=&password=&return_to=%2Fen-US%2F

If I type the information in by hand it does, it does send the username and password, as in this example:

POST /en-US/account/login HTTP/1.1 cval=2021369897&username=admin&password={password}&return_to=%2Fen-US%2F&set_has_logged_in=false 

So I am figuring that something broke in the version change.

Tags (4)

landen99
Motivator

Roboform still works. One (less than convenient) solution is, of course, to switch.

0 Karma

bosburn_splunk
Splunk Employee
Splunk Employee

Unfortunately this is something that is outside of the control of Splunk. We cannot ensure that applications like LastPass or Keepass work with our application.

Though it would be useful to know if dfronck's answer works for anyone else.

Brian

0 Karma

dfronck
Communicator

I had originally set the delay to 500ms but that was just too damn slow. I tested down to 100ms and it works consistently for me in FF and IE.

dfronck
Communicator

Put a {DELAY=X} into your Auto-Type sequence for your Splunk logon entry.

This "fixed" it for me.

{USERNAME}{TAB}{DELAY=10}{PASSWORD}{ENTER}

mikaelbje
Motivator

Also experiencing this bug or a similar one at a customer site. If they type the username and password slowly it works fine. Pasting also works, but typing the username or password quickly makes the text cursor jump one postiion back, rendering the username/password incorrect. This is very hard to spot for the password as it's all in asterisks.

The difference is that they use Chrome, but the same issue is experienced in IE.

Opening a support case.

UPDATE 2015-02-03: The issue we are facing seems related to passwords with spaces, possibly also other special characters:


Hi Mikael,

Thank you for joining the webex session today.
As discussed I have filed bug SPL-96243 for this issue where the cursor jumps when typing fast a password with spaces.

I will let you know when it will be fixed once we have the information.

Regards,
Zofnat

0 Karma

mikaelbje
Motivator

The support case in question is 205503. I'm having a webex next week with Splunk to get it confirmed. There's also a related question here: http://answers.splunk.com/answers/177065/after-upgrading-to-splunk-62-why-can-i-no-longer-l.html#ans...

0 Karma

stefan_radovano
Explorer

I also have the exact same problem. Rather annoying.

0 Karma

stefan_radovano
Explorer

This seems to be related: http://answers.splunk.com/answers/177065/after-upgrading-to-splunk-62-why-can-i-no-longer-l.html

The javascript console shows in my case:

POST https://splunk.cnt.int:8000/en-GB/account/login 401 (Unauthorized)

This is in the accountpage.js file, line 6. The only file with that name I can find in my splunk folder is /opt/splunk/share/splunk/search_mrsparkle/exposed/js/build/accountpage.js , owner is splunk.splunk and it's readable by everyone.

splunkd.log shows this whenever I try:

11-19-2014 09:42:55.834 +0100 ERROR UserManagerPro - Login failed: Username and password are required
11-19-2014 09:42:55.834 +0100 ERROR UiAuth - user= action=login status=failure reason=user-initiated useragent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.62 Safari/537.36" clientip=x.x.x.x

So it's pretty clear it's trying to login with empty username/password fields.

0 Karma

iKate
Builder

The same problem. Any solutions?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...