SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Auth failure #64

Closed mark1973ryan closed 4 years ago

mark1973ryan commented 4 years ago

Hi,

We've installed vectr behind nginx as a reverse proxy due to access restrictions. We hand off port 443 for the domain to 8443 on the tomcat container. This required going with a slightly different docker compose file in terms of networks. I'm unable to auth with the default password and get the following in the logs.

mongo_1 | 2020-06-01T13:50:18.408+0000 I ACCESS [conn22] SASL SCRAM-SHA-256 authentication failed for admin on admin from client 172.18.0.1:35364 ; AuthenticationFailed: SCRAM authentication failed, storedKey mismatch

mongo_1 | 2020-06-01T13:50:18.413+0000 I NETWORK [conn22] end connection 172.18.0.1:35364 (5 connections now open)

I have amended the cas.properties file and the vectrservice-1.json file removing :8443 from the url. They're purely https:// now, which is how I access the GUI.

Thanks, Mark

thebleucheese commented 4 years ago

mongo_1 | 2020-06-01T13:50:18.408+0000 I ACCESS [conn22] SASL SCRAM-SHA-256 authentication failed for admin on admin from client 172.18.0.1:35364 ; AuthenticationFailed: SCRAM authentication failed, storedKey mismatch

This means that the authentication system can't connect with your MongoDB. If the environment variable MONGO_INITDB_ROOT_PASSWORD is set with non-alphanumeric symbols it can cause a startup failure due to the authentication system. This is a known issue we're investigating with the combination of our Auth provider and MongoDB, but for now you'll need to change this environment variable to an alphanumeric value. Once that is completed, you'll need to stop your containers, delete everything from your data directory (probably /var/data/sandbox1) and then start up the containers again to reinitialize the database.

This same issue can occur in a scenario where you started VECTR, stopped it, changed the MONGO_INITDB_ROOT_PASSWORD and then started it again. MONGO_INITDB_ROOT_PASSWORD is a one-time initialization password and must be kept constant after that. So in that situation, the fix is the same: deleting the files from the data directory and restarting the containers.
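A preflight check for the two conditions described in the comment above, as an added example that is not part of the original thread or VECTR's own code. It assumes MONGO_INITDB_ROOT_PASSWORD is set in a dotenv-style file; the function names and the file and directory arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not VECTR project code. Assumes MONGO_INITDB_ROOT_PASSWORD is
# set in a dotenv-style file; file and directory arguments are supplied by you.

# Print the last value assigned to KEY in FILE, without CR or wrapping quotes.
env_value() {  # env_value FILE KEY
  sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d '\r' |
    sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Succeed only for a non-empty string made of ASCII letters and digits.
is_alnum() {
  case "$1" in
    '' | *[!A-Za-z0-9]*) return 1 ;;
  esac
  return 0
}

# Succeed if the MongoDB data directory already holds files (already initialized).
data_dir_initialized() {
  [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# Generate an alphanumeric password of N characters (default 32) from the kernel
# CSPRNG; the extra length offsets the smaller character set.
gen_password() {
  n="${1:-32}"; pw=""
  while [ "${#pw}" -lt "$n" ]; do
    pw="$pw$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
  done
  printf '%s\n' "$pw" | cut -c "1-$n"
}

# 0 = safe to start, 1 = password unusable, 2 = data dir already initialized.
# The password itself is never printed.
check_mongo_init() {  # check_mongo_init ENV_FILE DATA_DIR
  pass="$(env_value "$1" MONGO_INITDB_ROOT_PASSWORD)"
  if ! is_alnum "$pass"; then
    echo "MONGO_INITDB_ROOT_PASSWORD is empty or has non-alphanumeric characters" >&2
    return 1
  fi
  if data_dir_initialized "$2"; then
    echo "$2 is not empty: the password only applies on first initialization" >&2
    return 2
  fi
  return 0
}
```

For example, run `check_mongo_init .env /var/data/sandbox1` before starting the containers, with both paths adjusted to your deployment.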

mark1973ryan commented 4 years ago

Thanks, I'll change all my passwords to be alphanumeric. I've come across similar things before with Mongo but completely forgot. I'll confirm if it works.

mark1973ryan commented 4 years ago

Hi,

I cleaned out everything and changed all the DB passwords to alphanumeric. I'm now getting the following error:

Invalid service ticket. It was either unrecognized or has expired.

I have the host set correctly and the certs in /user/certs.

I've just noticed I'm getting port 8443 in my browser which means I must've missed a file. I've changed /etc/cas/cas.properties and /etc/cas/service/vectrservice-1.json and removed port 8443 from the urls so we hit the public domain name on the standard https port.

Thanks, Mark

thebleucheese commented 4 years ago

Ah one thing I missed - Are you editing the config files directly like /etc/cas/service/vectrservice-1.json? Those are replaced by confd on startup which is what sets the config values.

Please try the suggestion shown here: https://github.com/SecurityRiskAdvisors/VECTR/issues/58#issuecomment-617523651 to override the template files that are used to set up these configuration files on container startup.

mark1973ryan commented 4 years ago

Thanks, that file worked after a bit of tinkering. The final hurdle was I had forgotten about the port in .env!!!