Error while retrieving Password from webMethods Extended Settings Tab

Hi All,

We are currently using webMethods version- 10.5, we are observing issue while fetching password value from webMethods Extended Setting tab of Integration Server for below Key
watt.password=abcd
Here the Key used is watt.password & corresponding value is abcd, for this entry the password would be seen in encrypted format in wM extended settings tab

However during code execution, we were able to retrieve the actual value using pub.utils:getServerProperty, please find below screenshot

image1114×496 16.8 KB

Recently we observed that the password retrieved is still in Encrypted format ******

Looks like anything in extended settings having word ‘Password or password’ element in it, has this issue.

Could you please help us in providing your inputs on resolving this issue ?

Thanks,
Sagar ks

Hi Sagar,

As part of IS_10.5_Core_Fix11, changes were made to mask the passwords. However, it also saved the passwords in masked format. This will be fixed in upcoming Fix15. Below is readme entry for this issue.

After installing a fix that includes PIE-70713, if a server configuration parameter name ends with “password” or “Password”, Integration Server saves the masked value instead of the actual value.

When editing or viewing extended settings (server configuration parameters) on the Settings > Extended page in the legacy Integration Server Administrator, Integration Server masks the value of any parameter whose name ends with “password” or “Password”. However, when saving the parameter value, Integration Server saves the mask instead of the actual value.

This issue is now resolved.

Regards,
-Kalpesh

Thanks for your response Kalpesh.

Best Regards,
Sagar ks

Storing a password, masked or otherwise, in the extended settings seems ill-advised. Not the intended/right place for customer-defined anything.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.