Author Topic: v16 - 0x80040E57 message when trying to change User Password  (Read 530 times)

Paolo F Cantoni

  • EA Guru
  • *****
  • Posts: 8323
  • Karma: +236/-129
  • Inconsistently correct systems DON'T EXIST!
    • View Profile

When we try to change the password of a local user, we get an 0x80040E57 string or binary truncated error, and when we try to use the new password, it fails!  We have checked t_secuser (currently defined as:
Code: [Select]
CREATE TABLE [t_secuser]
(
   [UserID] nvarchar(40) NOT NULL,
   [UserLogin] nvarchar(255) NOT NULL,
   [FirstName] nvarchar(50) NOT NULL,
   [Surname] nvarchar(50) NOT NULL,
   [Department] nvarchar(50),
   [Password] nvarchar(12),
   CONSTRAINT [pk_secuser] PRIMARY KEY CLUSTERED ([UserID] ASC)
)
GO
) and the values DO change! Does anyone else get this?  Now that we changed the password, we can't get in as a local Admin!

BTW, even if we replace the password with the SAME password, the password value changes!  Should it?

Since (if you note), the password column can be NULL, if we set the value to NULL by direct SQL, we can log in as admin, <no password>!  Not very secure!  NOTE also that if we leave the password fields blank in the UI, we get a value in the Password column (and the error message) and can't log in as admin, <no password>!

If you're confused, so am I!
Paolo

[Edit: On a whim, we changed all the column lengths to much larger values but still get the error!  They are now back as they should be]
« Last Edit: July 20, 2022, 02:42:36 pm by Paolo F Cantoni »
Inconsistently correct systems DON'T EXIST!
... Therefore, aim for consistency; in the expectation of achieving correctness....
-Semantica-
Helsinki Principle Rules!

Takeshi K

  • EA User
  • **
  • Posts: 455
  • Karma: +19/-1
    • View Profile
Re: v16 - 0x80040E57 message when trying to change User Password
« Reply #1 on: July 20, 2022, 04:00:28 pm »
Hell Paolo,

Since (if you note), the password column can be NULL, if we set the value to NULL by direct SQL, we can log in as admin, <no password>!  Not very secure!  [/size]

About the above your comment, I think your assumption is not fair. If someone could execute SQL to change as you wrote, he/she must be able to get or change everything by using SQL. To prevent executing SQL is not an Enterprise Architect issue, but a database rights setting issue.

As written in the help, the primary intent of Model Security is not to prevent access to information.
https://sparxsystems.com/enterprise_architect_user_guide/16.0/model_security/usersecurity.html


--
t-kouno

Takeshi K

  • EA User
  • **
  • Posts: 455
  • Karma: +19/-1
    • View Profile
Re: v16 - 0x80040E57 message when trying to change User Password
« Reply #2 on: July 20, 2022, 04:12:48 pm »
Just one more comment...
(Sorry, I do not know anything about your main topic.)

BTW, even if we replace the password with the SAME password, the password value changes!  Should it?

I think it should be. If the password value would not be changed for the same text, this means that there is only 1 rule to encrypt the password text. It is a big hint to find the encryption rule. The encrypted values should always be changed to prevent from guessing the encryption rule.
 
--
t-kouno

qwerty

  • EA Guru
  • *****
  • Posts: 12980
  • Karma: +371/-298
  • I'm no guru at all
    • View Profile
Re: v16 - 0x80040E57 message when trying to change User Password
« Reply #3 on: July 20, 2022, 05:54:49 pm »
Report a bug. Won't help much but sending none will even help less :-/

q.

Paolo F Cantoni

  • EA Guru
  • *****
  • Posts: 8323
  • Karma: +236/-129
  • Inconsistently correct systems DON'T EXIST!
    • View Profile
Re: v16 - 0x80040E57 message when trying to change User Password
« Reply #4 on: July 20, 2022, 09:42:35 pm »
Report a bug. Won't help much but sending none will even help less :-/

q.
I need confirmation first.  I've had issues before which turned out to be our environment.

Paolo
Inconsistently correct systems DON'T EXIST!
... Therefore, aim for consistency; in the expectation of achieving correctness....
-Semantica-
Helsinki Principle Rules!

qwerty

  • EA Guru
  • *****
  • Posts: 12980
  • Karma: +371/-298
  • I'm no guru at all
    • View Profile
Re: v16 - 0x80040E57 message when trying to change User Password
« Reply #5 on: July 21, 2022, 12:08:06 am »
BTW, even if we replace the password with the SAME password, the password value changes!  Should it?
If it's salted (and it should be) then yes.

q.