ERROR PasswordHandler - Decrypted password from st...

ialislam · ‎05-03-2019

When attempting to SendAlert to trigger action from our Malwarebytes Splunk App. I receive the following Error in Splunkd log "ERROR PasswordHandler - Decrypted password from stanza=credential::127.0.0.1\Administrator: is not utf8, skipping". In the mbbr_python log, I receive the following Error, "05/02/19 22:42:55 dest_ip=172.16.207.125 message="password extracted for the username:127.0.0.1\Administrator"
05/02/19 22:42:55 title="error: unable to extract credentials"message="'clear_password'"

Any ideas on why?? Thanks in advance..

koshyk · ‎05-06-2019

seems like your password was not encrypted correctly. Did you put in the same app itself?
(Or may be bug in the app)
Have a try by removing from all apps, and putting the same stanza in same app within $SPLUNK_HOME/etc/system/local/<config_file>.conf

Restart Splunk and see if it fixes

ialislam · ‎05-06-2019

Thanks for your suggestions. I will test your recommendation and update on results. Yes, I did install the application and was prepared to perform a total reinstallation of my Splunk instance. But was afraid I might have some issues with reuse of developers license in rebuild Splunk instance. Results coming..

ERROR PasswordHandler - Decrypted password from stanza=credential::127.0.0.1\\Administrator: is not utf8, skipping

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation