This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Prefill password in Sophos VPN

Hi,

I have to enter a password in Sophos VPN. The first part is always the same and the second is changing every 30 seconds.

Can I prefill Sophos VPN with username and the first part of the password?

Cheers

Clothia



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Are you trying to turn off the OTP?

    If you’re trying to save the user credentials, the OpenVPN Client does not have a secure way to save the password. 

    Thanks,

  • I want to save part of the credentials.

    For password I have to enter a static part and a token from an auth-app.

    Since the static part is about 20 characters strong, I would prefer to pre-fill that part.

  • I tried another plugin (twofactorqrcodereader).

    And it seems to add the right entries to keypass, but now, I am always getting the wrong credentials.

    Not sure why I am getting the additional {ENTER}.

    Arrrrggghgh

  • In the 'Use custom keystroke....' you can manually adjust the placeholders and their order.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Thanks apijnapple.

    I read your Keepass blog and it is exactly what I did, but it always opens the Keepass window at the end and it does not log me in.

    Very strange.

  • Strange indeed. You did "have the Sophos SSL VPN client ask you for the password (so the screen is opened) when you started configuring Auto-type and you did find the correct screen? If not then Keepass wouldn't know what to type into this window.

    Also in Keepass Under 'Tools' - 'Options', tab 'Integration' you can find if in your case the Auto Type is also Ctrl-Alt-A.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • I open my SSL VPN client and press CTRL-ALT-A and it fills in the credentials. At the end it opens The Keepass entry for some strange reason.

    Plus I am rejected from Sophos login, because of wrong credentials.

    If I am adding the password (CTRL+C - CTRL+V) and use AuthPoint to get the 6 digits it works.

  • Try to add an autotype entry with the same settings but then for notepad application.

    You can then SEE what is being sent. If you don't want to show the password, then you can just leave out {password} but especially you will want to see {timeotp} and match if this is correct with what your authenticator app is generating.

    If they are different, then first check the time on both the firewall and the device with the authenticator app. Also if time is correct on both, then double check that you have actually a HEX secret and not maybe a Base32 Secret. If your secret only consists of A-Z in capitals and the numbers 2-7 then you should use BASE32 and not HEX. If you secret contains 0-9 and A-F characters then its Hex.

    See the Keepass website for more information on how to configure one or the other.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • I can see the OTP on a new line, probably you have {USERNAME}{TAB}{PASSWORD}{ENTER}{TIMEOTP} still. You can manually adjust the order to {USERNAME}{TAB}PASSWORD}{TIMEOTP}{ENTER}

    Also you can check in notepad whether the 6-digit number is the same as the one from your authenticator device.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • I do have timeotp-enter and the number is not the same as from my authenticator device.

    Strange.

  • You'll most likely need to choose another field name (with a different source), see keepass.info/.../placeholders.html


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Reply Children
No Data