RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

When using LDAP authentication, log entries do not include usernames for failed login attempts #18145

Open ExTechOp opened 4 years ago

ExTechOp commented 4 years ago

Description:

When using LDAP authentication, log entries do not include usernames for failed login attempts.

Steps to reproduce:

  1. In administration / settings / LDAP, enable LDAP authentication.
  2. Configure LDAP host, port, encryption etc. to match your LDAP server.
  3. Once your LDAP authentication works, attempt to log in with an intentionally incorrect password.

Expected behavior:

Usernames for failed login attempts get entered into logs normally.

Actual behavior:

Logs appear with "unknown" fields where usernames should appear, albeit with the correct IP address:

Jul 02 08:53:51 rocketchat.ourdomain.net rocketchat[25799]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:12:4028:c::4d] UserAgent[Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0]
Jul 02 08:55:13 rocketchat.ourdomain.net rocketchat[25799]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:12:4028:c::4d] UserAgent[Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0]

Server Setup Information:

Relevant logs:

Above.

github-actions[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

photoninger commented 4 years ago

Still the same in rocket.chat-3.5.2, username "unknown" in the logs.

ExTechOp commented 4 years ago

Indeed, we still get entries like this on rocket chat 3.5.4 on a regular basis:

Sep 01 16:13:15 rocketchat.ourdomain.net rocketchat[2995]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:12:4028:c::2b] UserAgent[Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Rocket.Chat/2.17.7 Chrome/78.0.3904.130 Electron/7.1.10 Safari/537.36]
Sep 02 10:35:02 rocketchat.ourdomain.net rocketchat[3007]: Failed login detected - Username[unknown] ClientAddress[80.119.239.20] ForwardedFor[undefined] XRealIp[80.119.239.20] UserAgent[RC Mobile; android 7.1.1; v4.10.0 (2135)]
Sep 02 11:30:55 rocketchat.ourdomain.net rocketchat[2996]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:12:4028:c::249] UserAgent[Mozilla/5.0 (X11; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0]
Sep 02 11:39:26 rocketchat.ourdomain.net rocketchat[3003]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:12:4028:c::96] UserAgent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0]

ExTechOp commented 3 years ago

This unfortunately still seems to be an issue with rocket chat 3.9.1:

Jan 14 11:56:52 rocketchat.ourdomain.net rocketchat[20043]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:12:4028:c:336:c50f:5f25] UserAgent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0]
Jan 14 15:08:13 rocketchat.ourdomain.net rocketchat[20086]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[80.119.239.44] UserAgent[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041]
Jan 14 15:12:37 rocketchat.ourdomain.net rocketchat[20086]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:12:4028:c:27ff:fe19:dbd8] UserAgent[Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0]

ipikiiskinen commented 2 years ago

Still an issue with 3.18.3. We have Accounts > Login Logs all options enabled (including "Show Username on failed login attempts logs"), but the logs have only little information about failed logins, an example:

2021-12-27T11:08:35.066915000+02:00 Failed login detected - Username[unknown] ClientAddress[10.10.10.10] ForwardedFor[11.11.11.11] XRealIp[undefined] UserAgent[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36]

ExTechOp commented 2 years ago

Unfortunately the issue still persists with Rocket.Chat 4.3.1 (although the log format has slightly changed).

Jan 12 05:54:54 rocketchat rocketchat[1049994]: {"level":30,"time":"2022-01-12T03:54:54.185Z","pid":1049994,"hostname":"rocketchat.ourdomain.net","name":"System","msg":"Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[2010:1b4a:4f9:bb00:ccd8:1d5f:6b89:af75] UserAgent[Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36]"}
Jan 12 08:10:43 rocketchat rocketchat[1049994]: {"level":30,"time":"2022-01-12T06:10:43.751Z","pid":1049994,"hostname":"rocketchat.ourdomain.net","name":"System","msg":"Failed login detected - Username[unknown] ClientAddress[80.119.28.178] ForwardedFor[undefined] XRealIp[80.119.28.178] UserAgent[unirest-java/1.3.11]"}
Jan 12 08:11:23 rocketchat rocketchat[1049994]: {"level":30,"time":"2022-01-12T06:11:23.081Z","pid":1049994,"hostname":"rocketchat.ourdomain.net","name":"System","msg":"Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:10:4008:b::41] UserAgent[Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0]"}
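
A triage sketch for the log lines quoted in this thread, added here as an example and not part of the issue or of Rocket.Chat's code: it parses both the plain and the JSON-wrapped "Failed login detected" formats and counts failures per source address, the only attribution left while the username is logged as "unknown". The sample lines, the function names and the order in which address fields are preferred are assumptions made for the example.

```python
import json
import re
from collections import Counter

# Bracketed fields of the "Failed login detected" message, as quoted in the thread.
FIELDS = re.compile(
    r"Failed login detected - Username\[(?P<username>.*?)\] "
    r"ClientAddress\[(?P<client>.*?)\] ForwardedFor\[(?P<forwarded>.*?)\] "
    r"XRealIp\[(?P<xrealip>.*?)\] UserAgent\[(?P<agent>.*)\]"
)
EMPTY = {"null", "undefined", ""}

def parse_line(line):
    """Return the fields of one failed-login entry, or None for any other line."""
    brace = line.find("{")
    if brace != -1:  # newer format: JSON object after the syslog prefix
        try:
            line = str(json.loads(line[brace:])["msg"])
        except (ValueError, KeyError, TypeError):
            pass  # not JSON after all; fall back to the plain format
    m = FIELDS.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Assumed preference order. The header-derived fields are only trustworthy
    # when a reverse proxy you control sets or overwrites them.
    populated = (rec[k] for k in ("xrealip", "forwarded", "client") if rec[k] not in EMPTY)
    rec["source"] = next(populated, None)
    return rec

def summarize(lines):
    """Count failures per source address and how many entries lack a username."""
    recs = [r for r in map(parse_line, lines) if r]
    per_source = Counter(r["source"] for r in recs)
    unnamed = sum(r["username"] == "unknown" for r in recs)
    return per_source, unnamed, len(recs)

# Constructed sample input (documentation address ranges), not lines from the thread.
SAMPLE = [
    "Jul 02 08:53:51 chat.example.net rocketchat[100]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[2001:db8::4d] UserAgent[Mozilla/5.0 (X11; Linux x86_64)]",
    "Jul 02 08:55:13 chat.example.net rocketchat[100]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[2001:db8::4d] UserAgent[Mozilla/5.0 (X11; Linux x86_64)]",
    'Jan 12 08:10:43 chat rocketchat[200]: {"level":30,"name":"System","msg":"Failed login detected - Username[unknown] ClientAddress[192.0.2.20] ForwardedFor[undefined] XRealIp[192.0.2.20] UserAgent[unirest-java/1.3.11]"}',
    'Jan 12 08:10:50 chat rocketchat[200]: {"level":30,"name":"System","msg":"Some other message"}',
]
```
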