Rocket Remote Desktop Support Forums Rocket Remote Desktop Remote Desktop Support (Version 2015 - 2020) v
Bug: Corrupt private credential visible for everyone / private folder visible

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
Bug: Corrupt private credential visible for everyone / private folder visible
thogud Offline
Member
***
Posts: 81
Threads: 22
Joined: Mar 2015
Reputation: 0
#1
24-02-2016, 01:42 PM
Hi

We just had a issue with a new credential for a colleague.
He created a new private credential.

This ended up corrupt/with encryption issues. Making it visible for everyone and I got the typical error message when starting ASG-RD stating there is one or more invalid/corrupt/uncrypted credentials.

He fixed the credential now and it is not visible anymore for all the other users. However his private folder still is (even after I tried to restarter ASG-RD).

Seems like some security/visibility bug will occur if a private credential gets corrupt?

kegj is a private folder for his user. And I can verify it still states Private from my admin account, however every user can see it, so seems it got bugged and acts like a public folder.

Before he fixed his private credential from a normal user:
[Image: private_credential_normal_user.jpg]

Before he fixed his private credential as a new login from my admin account:
[Image: private_credential_login_as_admin_user.jpg]

After he fixed it for both me as admin + other users:
[Image: private_credential_admin_login_after_fix.jpg]
Find
Reply
DevOma Offline
Posting Freak
*****
ASG
Posts: 11,366
Threads: 103
Joined: Aug 2006
Reputation: 211
#2
24-02-2016, 03:58 PM
I don't know how it is possible but I try to show you some SQL commands to correct

First try to get the row for the private folder

SELECT * FROM Items WHERE Text = 'kegj'

Check the 2 columns "Private" and "UserId" - perhaps it's marked private but there is no UserId? I guess that might be the problem... if yes, please continue...

Copy the ItemId. Now you can get the UserId from table "Users" - so just execute SELECT * FROM Users

Pick up the ID for the right user and replace the ID's in the following command

UPDATE Items SET UserId = %UserId% WHERE ItemId = %ItemId%
Regards/Gruss
Oliver
Find
Reply
DevOma Offline
Posting Freak
*****
ASG
Posts: 11,366
Threads: 103
Joined: Aug 2006
Reputation: 211
#3
24-02-2016, 04:03 PM
Or the user create a second private folder and move the cred to the new folder :-)
Regards/Gruss
Oliver
Find
Reply
thogud Offline
Member
***
Posts: 81
Threads: 22
Joined: Mar 2015
Reputation: 0
#4
24-02-2016, 04:34 PM
(24-02-2016, 04:03 PM)DevOma Wrote: Or the user create a second private folder and move the cred to the new folder :-)

This is what he did, since he did not have anything else in the folder. Wondered why I got no hits on the query, but a refresh in ASG-RD and the folder was gone. He confirmed he deleted it as other colleagues had told him we could see the folder Smile

Well, at least you know about the bug now, so let's just hope no more corrupt credentials will happen on private ones in the future, hehe.
Find
Reply
DevOma Offline
Posting Freak
*****
ASG
Posts: 11,366
Threads: 103
Joined: Aug 2006
Reputation: 211
#5
25-02-2016, 04:45 PM
Ok - just let me know if this really happens again!
Regards/Gruss
Oliver
Find
Reply




Users browsing this thread: 1 Guest(s)