Jump to content

Beau P.

  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by Beau P.

  1. Hello, We had this happen again yesterday. 10:07 am to 11:31 am there were ~32k requests to retrieve a password from the browser extension. Beau P. (****) retrieved the Password record 'www.tradingview.com' (UserName = *************) from the Password List 'Private Passwords' to form fill the web site https://www.tradingview.com/chart/. I had that website open in a separate browser window and it was minimized. I was able to reproduce it today by visiting that page. In just a few seconds I had over 3000 requests from the browser extension. I think you have to sign in then sign out again while still on that page (the sign in is in the top left corner drop-down menu) Anyway, the thousands of requests coming through each minute are killing our server and database.
  2. Yes, 8792 is the build of the extension. We never used the beta version. This one instance was specific to one site. I tried to have the user follow the steps they took but was unable to reproduce it. I'll keep an eye out and see if it happens again. Are there any logs or any information I could provide that would help?
  3. I got an alert on database usage for Passwordstate and found that the database was maxed out for nearly an hour. I checked the audit logs and saw that a single user's browser extension retrieved a password to form fill nearly 20,000 times over the course of ~45 minutes. I checked with the user and they said they just logged in to the site as normal and didn't notice anything out of the ordinary happening. Any ideas on what could have happened?
  4. On a side note, I've gotten a lot of feedback that the new browser extension is awesome. Great job on an excellent product!
  5. @support I found and fixed the issue. This is our first upgrade after installing the product. Shortly after installing, we copied the install from c:\inetpub\PasswordState to g:\PasswordState and modified the directory for the passwordstate site in IIS to be the new directory. I did not realize that there were 4 applications inside that website so they were still pointed to the old path (which didn't get upgraded). I modified those and restarted the website, recycled the app pools and restarted the service and the extension is now working. Thanks for looking into this with me.
  6. 1. Tried this. Did not fix. 2. Tried this. Did not fix. 3. Yes. 4. Not working for all users. There is a message in the Audit log for a failed API call every time the extension tries to authenticate: Failed API Call: An exception has occurred executing an API Script. Error = Object reference not set to an instance of an object. from IP Address xx.xxx.xx.xxx, using a URL of https://<oursite>/api/browserextension/authenticate/.
  7. Hello, I read that post but I'm confused. My issue is only occurring AFTER upgrading to the latest version. Per my post, I upgraded to 8792 (latest version AFAIK) and getting that error.
  8. We just upgraded to the latest build (8792) and the new browser extension is not autoconfiguring. I inspected the extension and found it was getting a 404 on the authenticate API. I've attached a picture of the error. Any ideas?
  9. Thanks, I figured it out. For anyone that runs across this problem, you have to restart the website in IIS and recycle the app pools to get a server time change to affect the auditing logs.
  10. Forgive me if it exists, but I could not find it anywhere in the options or preferences. The time that displays in the audit log. Where does PasswordState get that time from? I tried changing the time on the web server but that did not affect it. My guess is it gets it from the database. In our case, we use an Azure SQL database in which you cannot change the time zone from UTC to something else. Is there an option to display a different time zone for the audit logs, perhaps per user?
  11. Our organization has the Web Site Allowed IP Ranges set to our external IPs, with a high timeout on allowed and a 15 minute timeout on outside IPs. In other words, allowed ips = high timeout, outside = 15 minute timeout. We would like for the browser extension timeout settings to be able to use the allowed and outside IP settings to control the timeout.
  12. When testing with a colleague today, he was not able to get a form to save or autofill his username and password. It worked fine for me on the same site. After investigating, I found an error in his console. Uncaught QuotaExceededError: Failed to execute 'setItem' on 'Storage': Setting the value of '<something>' exceeded the quota. I did not record the exact error but I believe the value it was setting was whether or not it was supposed to ignore the website. It turns out the Local Storage in chrome for that site was full. After emptying local storage, the extension worked as intended. I don't know what can be done about this but the extension silently fails if this happens. Maybe add exception handling when setting items?
  13. Haha no worries. My company is in software development as well and customers come up with some wild uses for our software that we would never have dreamed of! I appreciate the help. If we decide to continue with the product after the trial, I may enter a feature request for consideration to streamline that process a little. Cheers!
  14. I think I found a workaround. 1. Administrator creates a shared list with permissions only to themselves and the intended user and calls it something like "onboarding accounts for <first> <last>" 2. Administrator loads the list with the temporary passwords 3. Administrator removes their access to the list 4. Administrator converts the list to a private list Do you see any issues in my process there? It seems to work on my trial install.
  15. I installed the trial today and I've been searching through the documentation and I'm having trouble finding the preferred ways to handle these two actions. Scenario #1: When new employees are onboarded, they are provided with a list of temporary passwords for different systems we use. What is the correct (or preferred) way to handle providing the initial temporary passwords to the user in PasswordState? I was looking for a way to "send" a password to a user's private password list but it doesn't look like that is possible. Scenario #2: A user has forgotten a password to a system. The manager resets the password. What is the preferred way to handle providing the user with the new password? The method for this is probably similar or identical to Scenario #1.
  • Create New...