Sophos Connect 1.1 MR1 :: Password with %

Hello,

Looks like authentication goes wrong with the Sophos Connect (1.1 MR1) client when there is a % in the password of the user.

If I avoid a % in the password then everything authenticates just fine!



  • Wow, nice find! This clearly ain't ready for production.

  • And that is the reason we are using an Early Access Program for this product! :)

  • Apologies, didn't mean to sound snarky. I get confused as the EAP (beta) Connect client is available for download within the 17.5 OS which is a production version. The MR-1 naming convention on this release further confused me as MRs are production updates when it comes to the OS.

    Eagerly anticipating the fully functional version as we're needing to make a VPN solution change sooner than later as the old SSL client never delivered. The separate prompt for OTP will be huge for us assuming the rest of the process, as far as users go, is straightforward.

    Appreciating your efforts to get an easy-to-use and secure VPN solution going.

  • Unfortunately this is a common problem across the entirety of the Sophos XG scope that proper input sanitisation for data entry (and authentication) seems to be not a primary driver in development.

    I am not surprised that this issue occurred; it has been a bugbear of mine since Copernicus, and I have raised multiple issues throughout the XG's lifetime regarding input character sanitisation.

  • Hello All,

    The issue is being raised with our development team and a fix is planned for version 1.2.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support


  • I tried version 1.2, issue hasn't been fixed unfortunately...

  • Retested with Sophos Connect 1.2 and it works. Please can you provide examples of passwords that are not working. We will test with the exact same username and password examples you provide and let you know the results.

    Ramesh

  • For example:

    This password works: "@Pienda@2019" and the client gets connected.

    This password does not work: "@Pienda%2019", client gets "Authentication failed. Please retry." message.

    In the logging I see the following messages:

    "User failed to login to VPN through Local authentication mechanism because of wrong credentials" 

  • Hello Bartje,

    Thank you for providing the example. Yes, it is a bug. Only if the % is before the first numeric character it does not work. But with the % character anywhere else in the string above, it works. So I hope this workaround will help you to get by this issue for now. We will log a bug and get it fixed in a future release based on the roadmap priorities.


    Ramesh