Security problem...

asdasd_asdasd
Active Participant
0 Kudos

Hi Experts, I discovered a big hole in the security of ID<-->XI: the connection between "ID" and "XI" is "HTTP", so using any sniffer it is possible to view all XMLs of the communication channels, including the configured passwords.

How it works:

ID -> XI:

ID sends decrypted passwords, and XI encrypts and stores them (they can be seen encrypted in the rwm cache)

XI -> ID:

XI decrypts the passwords and sends them to ID

Is there any solution to this problem? (The good side of this problem is that it is possible to retrieve forgotten passwords of CCs :D)

Something that could be improved is that the password will decrypt the ID....

Best Regards.

Accepted Solutions (1)

udo_martens
Active Contributor
0 Kudos

Hi Maximiliano,

Is there any solution to this problem?

Use of HTTPS for example?

/Udo

asdasd_asdasd
Active Participant
0 Kudos

Is it really possible? Do you have some documentation about this?

Answers (1)

former_member191911
Contributor
0 Kudos

This is no security hole, this is just how the HTTP protocol works... The password goes unencrypted over the line.

Like Udo proposed, use HTTPS instead of HTTP.

Kr. Mark

asdasd_asdasd
Active Participant
0 Kudos

OK, in all the time working with PI I have never seen an HTTPS connection between ID<->XI; this is very dangerous to the security of the systems involved with PI.

Best Regards