Jump to content

Ulf

Members
  • Content Count

    18
  • Joined

  • Last visited

About Ulf

  • Rank
    Member

Profile Information

  • Location
    Stockholm, Sweden

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Ok you actually do have to be able to reach haveibeenpwned.com from the server if you want the HaveIbeenPwned report to work....
  2. Ok I solved the problem.... This is a Client side Script!!! You need to say this as this is important for all of us not giving internet access to all of our systems.... So opening acces to the haveibeenpwned site from the clients made it work... You actually don't even need the passwordstate server to be able to access haveibeenpwned. Problem solved... Please update your Documentation on this so others will not go into the same problem. Best Regards Ulf
  3. Hi some update... and questions... I finaly had some time yesterday to do some digging in to this in our system. I found that all the haveibeenpwned integration works when logged in localy to the server and running it from a webbrowser there but not when connecting to the server from a different server. Can you maybe point me in the right direction as to what we have locked down to tight, the GPO is basically the same for the server and the connecting server. Is any of the haveibeenpwned code running in the browser? could I enable some debug mode? I'll contakt you thru the support channel as well but just wanted to post it here for the rest to see.
  4. Still no attempt to go to api.pwnedpasswords.com when saving new passwords, it only takes forever to save while it is "trying" to check the password.
  5. For me the report does not work, I dont get the email even when I shedule and run the report. And all I get when I click the export to excel in the Reports menu is a CSV with the top column definitions. I can se in the firewall that it gets 250 Kb of data from 104.18.206.87 whitch is Name: api.pwnedpasswords.com Addresses: 2606:4700::6812:ce57 2606:4700::6811:ac66 104.18.206.87 104.17.172.102 so it is doing something... We are not using any Loadbalancer or Proxy, reverse or other types. We do have a firewall but it says the trafic is alowed.
  6. I have the same problem on a fresh install 8679 right now. Works on our other Passwordstate install on 8573 No HaveIbeenPwned integration i passwordstate 8679 is working for me right now. I have checked the firewall for blocks but it is not even trying to connect according to the session data in the firewall.
  7. Hi guys I have been looking to pull out reports for who has had acces to what account during what time and their reason for it. On some admin accounts we have the checkout with a reason activated and the password is reset when checkedin.(so we know that only the user who checkedout the password had access to the account during this time) So I would like a report on who has checkedout what account and during what time was this checkedout and the reason for checking this out. Today I have only found reports where I se who checkedout an account and when it is checkedin and that is in a list/audit form so I have to peice together events of checkouts and checkins to form the report. I haven't found any way of getting the reason for checkout in any report today, is there a report today that gives me that? Or can I do that from the API? Example headers for the new proposed report User | account that was checkedout | time for checkout | time for checkin | duration of checkout | reason for checkout This would be realy nice for the annual reviews on SOX compliance on who has access to accounts with high privilege rights. Best Regards Ulf
  8. I would like to be able to set the message that is shown to the user when he och she is inputting a bad password. So I can explain the password rules and such.
  9. Ulf

    Have I Been Pwned? Integration

    Hi again seams like we are not alone with the problem then.... :-) One idea could be to let people put the password in the first time it's created but not to update to a password that is found to be bad. One other thing that would be a nice feature is some way of popping up a small popup guide when you are creating a password so we could give tips on how one should go about when creating a good strong password. For example the "Bad password popup" is a static message, it would be nice if I could set this message to what I want, then I could say something like "this password is actually known to bad guys and therefore you are not permitted to use it" or just give a short lesson in our password policy I bet all companies would want to say different things so the possibilities are endless. If you made it a ifferent kind of popup even liks to intranet resourses could be put in. Features that would let us security people easily and when it is needed educate the masses so to speak, this would be best done when they actually is creating a new password that is found to be inadequate would be greatly appreciated. The only tool given by Passwordstate right now (that I am aware of) for this is the emails and they are not always as effective as I would like. Keep up the awesomeness :-D Ulf
  10. Ulf

    Have I Been Pwned? Integration

    Yes this is a recurring prosess in alot of password lists. And as far as i know I don't get notified if the password is bad if i disable the "prevent bad passwords"...
×