Author Topic: v16 - 0x80040E57 message when trying to change User Password (Read 2172 times)

Paolo F Cantoni · « **on:** July 20, 2022, 02:38:14 pm »

When we try to change the password of a local user, we get an 0x80040E57 string or binary truncated error, and when we try to use the new password, it fails! We have checked t_secuser (currently defined as:

Code: [Select]

CREATE TABLE [t_secuser]
(
   [UserID] nvarchar(40) NOT NULL,
   [UserLogin] nvarchar(255) NOT NULL,
   [FirstName] nvarchar(50) NOT NULL,
   [Surname] nvarchar(50) NOT NULL,
   [Department] nvarchar(50),
   [Password] nvarchar(12),
   CONSTRAINT [pk_secuser] PRIMARY KEY CLUSTERED ([UserID] ASC)
)
GO

) and the values DO change! Does anyone else get this? Now that we changed the password, we can't get in as a local Admin!

BTW, even if we replace the password with the SAME password, the password value changes! Should it?

Since (if you note), the password column can be NULL, if we set the value to NULL by direct SQL, we can log in as admin, <no password>! Not very secure! NOTE also that if we leave the password fields blank in the UI, we get a value in the Password column (and the error message) and can't log in as admin, <no password>!

If you're confused, so am I!
Paolo

[Edit: On a whim, we changed all the column lengths to much larger values but still get the error! They are now back as they should be]

Takeshi K · « **Reply #1 on:** July 20, 2022, 04:00:28 pm »

Hell Paolo,

Quote from: Paolo F Cantoni on July 20, 2022, 02:38:14 pm

Since (if you note), the password column can be NULL, if we set the value to NULL by direct SQL, we can log in as admin, <no password>! Not very secure! [/size]

About the above your comment, I think your assumption is not fair. If someone could execute SQL to change as you wrote, he/she must be able to get or change everything by using SQL. To prevent executing SQL is not an Enterprise Architect issue, but a database rights setting issue.

As written in the help, the primary intent of Model Security is not to prevent access to information.
https://sparxsystems.com/enterprise_architect_user_guide/16.0/model_security/usersecurity.html

Takeshi K · « **Reply #2 on:** July 20, 2022, 04:12:48 pm »

Just one more comment...
(Sorry, I do not know anything about your main topic.)

Quote from: Paolo F Cantoni on July 20, 2022, 02:38:14 pm

BTW, even if we replace the password with the SAME password, the password value changes! Should it?

I think it should be. If the password value would not be changed for the same text, this means that there is only 1 rule to encrypt the password text. It is a big hint to find the encryption rule. The encrypted values should always be changed to prevent from guessing the encryption rule.

qwerty · « **Reply #3 on:** July 20, 2022, 05:54:49 pm »

Report a bug. Won't help much but sending none will even help less :-/

q.

Paolo F Cantoni · « **Reply #4 on:** July 20, 2022, 09:42:35 pm »

Quote from: qwerty on July 20, 2022, 05:54:49 pm

Report a bug. Won't help much but sending none will even help less :-/

q.

I need confirmation first. I've had issues before which turned out to be our environment.

Paolo

qwerty · « **Reply #5 on:** July 21, 2022, 12:08:06 am »

Quote from: Paolo F Cantoni on July 20, 2022, 02:38:14 pm

BTW, even if we replace the password with the SAME password, the password value changes! Should it?

If it's salted (and it should be) then yes.

q.

Sparx Systems Forum

News: