sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-24 18:43:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
07a2f56d71
sqlmap/sqlmapapi.yaml
ckingn 07a2f56d71
Update sqlmapapi.yaml 
SparkLabs Forum

https://www.sparklabs.com/forum/

Password caching
https://www.sparklabs.com/forum/viewtopic.php?t=3215

Page 1 of 1
Password caching
Posted: Tue May 16, 2023 10:20 pm
by Shabang
I'm testing setting "defaults write com.viscosityvpn.Viscosity KeyChainSupport -bool false" for Viscosity and "auth-nocache" in the connection config.

Then after waiting for the renegotiation to kick in, I'm seeing a credential prompt with the password field still filled in. Pressing enter is the only thing required to continue the connection.

I would think most people setting those two options would want to require the user to actually enter the password again. Does it work like this intentionally, am I missing something?
Re: Password caching
Posted: Wed May 17, 2023 8:50 am
by James
Hi Shabang,

Thanks for the report, it appears you've discovered a regression in a recent update. It appears that in some conditions Viscosity may still load existing saved login details from the Keychain even with the KeyChainSupport setting disabled. This should now be fixed in the latest beta version:
https://www.sparklabs.com/support/kb/ar ... -versions/

It likely hasn't been discovered until now as saving to the Keychain is still correctly disabled. So you'll only encounter it if the login details have already been saved to the Keychain prior to changing the setting.

Cheers,
James
Re: Password caching
Posted: Wed May 17, 2023 6:29 pm
by Shabang
Ok, thanks for confirming. Although looks like I didn't have any saved credentials in my keychain for Viscosity. I'm testing now with the new beta.

I think it would also be a nice feature to have the ability to allow saving the p12 file password, but not the user credentials. That way an encrypted file could be distributed to the user, who then could save the file password in the keychain, but they would still be prevented saving their own username and password.
Re: Password caching
Posted: Wed May 17, 2023 6:46 pm
by Shabang
I confirmed it in Catalina and Ventura, I'm still seeing the password field filled even without previous credentials in the keychain.
All times are UTC+10:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/
2023-06-11 07:59:06 -06:00

286 lines
8.2 KiB
YAML
Raw Blame History

openapi: 3.0.1
info:SparkLabs Forum
https://www.sparklabs.com/forum/
Password caching
https://www.sparklabs.com/forum/viewtopic.php?t=3215
Page 1 of 1
Password caching
Posted: Tue May 16, 2023 10:20 pm
by Shabang
I'm testing setting "defaults write com.viscosityvpn.Viscosity KeyChainSupport -bool false" for Viscosity and "auth-nocache" in the connection config.
Then after waiting for the renegotiation to kick in, I'm seeing a credential prompt with the password field still filled in. Pressing enter is the only thing required to continue the connection.
I would think most people setting those two options would want to require the user to actually enter the password again. Does it work like this intentionally, am I missing something?
Re: Password caching
Posted: Wed May 17, 2023 8:50 am
by James
Hi Shabang,
Thanks for the report, it appears you've discovered a regression in a recent update. It appears that in some conditions Viscosity may still load existing saved login details from the Keychain even with the KeyChainSupport setting disabled. This should now be fixed in the latest beta version:
https://www.sparklabs.com/support/kb/ar ... -versions/
It likely hasn't been discovered until now as saving to the Keychain is still correctly disabled. So you'll only encounter it if the login details have already been saved to the Keychain prior to changing the setting.
Cheers,
James
Re: Password caching
Posted: Wed May 17, 2023 6:29 pm
by Shabang
Ok, thanks for confirming. Although looks like I didn't have any saved credentials in my keychain for Viscosity. I'm testing now with the new beta.
I think it would also be a nice feature to have the ability to allow saving the p12 file password, but not the user credentials. That way an encrypted file could be distributed to the user, who then could save the file password in the keychain, but they would still be prevented saving their own username and password.
Re: Password caching
Posted: Wed May 17, 2023 6:46 pm
by Shabang
I confirmed it in Catalina and Ventura, I'm still seeing the password field filled even without previous credentials in the keychain.
All times are UTC+10:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/
title: sqlmapapi OpenAPI/Swagger specification
version: '0.1'
paths:
/version:
get:
description: Fetch server version
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
version:
type: string
example: "1.5.7.7#dev"
success:
type: boolean
example: true
/task/new:
get:
description: Create a new task
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
taskid:
type: string
example: "fad44d6beef72285"
success:
type: boolean
example: true
/scan/{taskid}/start:
post:
description: Launch a scan
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
requestBody:
content:
application/json:
schema:
type: object
properties:
url:
type: string
examples:
'0':
value: '{"url":"http://testphp.vulnweb.com/artists.php?artist=1"}'
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
engineid:
type: integer
example: 19720
success:
type: boolean
example: true
/scan/{taskid}/stop:
get:
description: Stop a scan
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
example: true
/scan/{taskid}/status:
get:
description: Fetch status of a scan
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
status:
type: string
example: terminated
returncode:
type: integer
example: 0
success:
type: boolean
example: true
/scan/{taskid}/list:
get:
description: List options for a given task ID
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
example: true
options:
type: array
items:
type: object
/scan/{taskid}/data:
get:
description: Retrieve the scan resulting data
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
type: object
success:
type: boolean
example: true
error:
type: array
items:
type: object
/scan/{taskid}/log:
get:
description: Retrieve the log messages
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
log:
type: array
items:
type: object
success:
type: boolean
example: true
/scan/{taskid}/kill:
get:
description: Kill a scan
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
example: true
/task/{taskid}/delete:
get:
description: Delete an existing task
parameters:
- in: path
name: taskid
required: true
schema:
type: string
description: Scan task ID
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
example: true
Reference in New Issue View Git Blame Copy Permalink