Closed APX-IT closed 11 months ago
@APX-IT
After manually deleting cookies and reloading the login page comes back up.
I'd say this is the expected behavior. Once you log in, a JWT token is stored in the browser. This token is valid until one of the following conditions happen:
If you change the passwords while being logged in, the app will use the token because none of these conditions have happened, although the token itself has been already revoked by the indexer's security plugin due to the permissions / credentials change.
This behaviour ends as soon as the Wazuh dashboard web interface gets opened from a incognito browser window.
Incognito mode sessions flush all cache, cookies and local storage, so again, that's a perfectly normal and expected situation, as a new token is generated for this session.
The only thing I'd expect is to have a 401 Unauthorized code instead of 500, but aside from that, I do not see any problem in your report.
Describe the bug
Wazuh Dashboard serves a 500 error / internal server error on the web interface for a previously logged in admin user (browser cookies still present) after changing default passwords as described in https://documentation.wazuh.com/current/user-manual/user-administration/password-management.html#changing-the-passwords-in-a-distributed-environment Also Wazuh Indexer logs suggests Wazuh dashboard is trying to connect with kibanaserver user & the admin user with the wrong credentials (old/default credentials). This behaviour ends as soon as the Wazuh dashboard web interface gets opened from a incognito browser window. This is also true for the below errors appearing in the cluster log which suggests that Wazuh dashboard hits the Wazuh indexer cluster with old credentials until the front-end get successfully loaded once. After manually deleting cookies and reloading the login page comes back up.
Wazuh indexer log -
/var/log/wazuh-indexer/wazuh-indexer-cluster.log
:Wazuh dashboard IP redacted to 1.2.3.4 in above log
Wazuh dashboard log (manually configured via
logging.dest
inopensearch_dashboard.yml
:Expected behavior
OpenSearch Version 2.6.0
Dashboards Version vanilla installation of 4.5
Plugins vanilla installation
Screenshots
If applicable, add screenshots to help explain your problem.
Host/Environment (please complete the following information):