This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect 1.1 MR1 :: Password with %

Hello,

Looks like authentication goes wrong with the Sophos Connect (1.1 MR1) client when there is a % in the password of the user.

If I avoid a % in the password then everything authenticates just fine!

This thread was automatically locked due to age.

Parents

0 ken9000 over 5 years ago

Wow, nice find! This clearly ain't ready for production.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 5 years ago in reply to ken9000

And that is the reason, we are using a Early Access Program for this product! :)

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 ken9000 over 5 years ago in reply to LuCar Toni

Apologies, didn't meant to sound snarky. I get confused as the EAP (beta) Connect client is available for download within the 17.5 OS which is a production version. The MR-1 naming convention on this release further confused me as MRs are production updates when it comes to the OS.

Eagerly anticipating the fully functional version as we're needing to make a VPN solution change sooner than later as the old SSL client never delivered. The separate prompt for OTP will be huge for us assuming the rest of the process, as far as users go, is straightforward.

Appreciating your efforts to getting an easy-to-use and secure VPN solution going.
Cancel
Vote Up 0 Vote Down

Cancel
0 Emile Belcourt over 5 years ago in reply to LuCar Toni

Unfortunately this is a common problem across the entirety of the Sophos XG scope that proper input sanitisation for data entry (and authentication) seems to be not a primary driver in development.

I am not surprised that this issue occurred and has been a bugbear of mine since Copernicus and have raised multiple issues throughout the XGs lifetime regarding input character sanitisation.
Cancel
Vote Up 0 Vote Down

Cancel
0 Aditya Patel over 5 years ago in reply to Emile Belcourt

Hello All,

The issue is being raised with our development team and fix is planned for version 1.2.

Regards,

Aditya Patel
Global Escalation Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Bartje T. over 5 years ago in reply to Aditya Patel

I tried version 1.2, issue hasn't been fixed unfortunately...
Cancel
Vote Up 0 Vote Down

Cancel
0 rmk_95128 over 5 years ago in reply to Bartje T.

Retested with Sophos Connect 1.2 and it works. Please can you provide examples of password that is not working. We will test it with the exact same username and passwords examples you provide and let you know the results.

Ramesh
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rmk_95128 over 5 years ago in reply to Bartje T.

Retested with Sophos Connect 1.2 and it works. Please can you provide examples of password that is not working. We will test it with the exact same username and passwords examples you provide and let you know the results.

Ramesh
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Bartje T. over 5 years ago in reply to rmk_95128

For example:

This password works: "@Pienda@2019" and the client gets connected.

This password does not work: "@Pienda%2019", client gets "Authentication failed. Please retry." message.

In the logging I see the following messages:

"User failed to login to VPN through Local authentication mechanism because of wrong credentials"
Cancel
Vote Up 0 Vote Down

Cancel
0 rmk_95128 over 5 years ago in reply to Bartje T.

Hello Bartje,

Thank you for providing the example. Yes it is a bug. Only if the % is before the first numeric character it does not work. But % character anywhere else in the string above it works. So I hope this work around will help you to get by this issue now. We will log a bug and get it fixed in the future release based on the roadmap priorities.

Ramesh
Cancel
Vote Up 0 Vote Down

Cancel