SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Default Password in Documentation outdated #56

Closed who1smrrobot closed 4 years ago

who1smrrobot commented 4 years ago

Dear VECTR Team,

I'm currently analysing the tool landscape for purple team operations and found your tool. When following the documentation (https://docs.vectr.io/Installation/), the default credentials are incorrect:

User: admin
Password: 11_ThisIsTheFirstPassword_11

Can you help me out on what's the default password?

BR and happy Easter to all of you :)

thebleucheese commented 4 years ago

That default password is correct. What OS are you using as a docker host? Does the hostname match exactly in the .env file and in your /etc/hosts file? FYI - I think using 'localhost' may cause problems if you tried using that hostname.


You can check the logs of the tomcat container to see if it started up ok:

docker ps -a will list containers running. docker logs <containername> will show logs for that container.

In there you should see CAS startup,

followed by a bunch of logging messages related to data being loaded...

And finally a server startup time (which should be somewhere from 30-90 seconds depending on hardware, if shorter there may be an issue).

To verify the application is working I spun up a new VECTR 5.5.6 instance on a Ubuntu LTS 18 host and logged in. On this Ubuntu instance, I had to run the docker commands as sudo since I haven't set up docker permissions in this test environment as if this were a production deployment.

thebleucheese commented 4 years ago

Hi, we encountered this issue in one scenario. I'm going to close the issue because it's related to environment variable configuration.

This is the scenario that can occur which will make the authentication database password unknown.

  1. User starts VECTR with .env var MONGO_INITDB_ROOT_PASSWORD set to 'value1' or left as default. This will create a Mongo database at VECTR_DATA_DIR on the docker host. Since this value is an init password it must be set on startup of a new database and then the value must stay the same to continue connecting to that database.
  2. You decide that you want to change the Mongo DB password, so you change MONGO_INITDB_ROOT_PASSWORD to 'value2'. You possibly even recreate the containers at this step, however since VECTR_DATA_DIR is a volume on your docker host (by default it's stored in /var/data) it will persist unless moved or deleted on the host.
  3. The existing MongoDB data in VECTR_DATA_DIR expects a password of 'value1' but that is not what is now set in the .env file. As a result, the authentication service can't connect to the database and you see an immediate auth error when trying to login.

...

This brings up a potential question - If I created my VECTR instance without modifying settings in the .env file and I made many changes that I want to keep, how do I persist them and change the MongoDB password to have a more secure environment?

The answer to that is once the container is built, the password can not be changed after that initial creation. However, data can be exported from that database with the command line mongodump tool and the database can be recreated with a new password and old data imported. This step MUST be done via docker exec commands and the command line!! The VECTR UI backup functionality is incomplete and will not persist some important data. Once you've run mongodump and verified all of your data has successfully exported you can bring down your currently running containers, delete your existing VECTR mongodb container, and place the mongodump data in /user/mongo. Then you can edit the .env with a new, safer MONGO_INITDB_ROOT_PASSWORD value and run docker-compose up -d. VECTR should startup and import all of your existing data and mongodb should have a new password.