WcfDataService Log Shows Windows User Passwords in Clear Text

Question / Problem: 

Why are Windows passwords recorded in clear text in Insight's WcfDataService log file?

Answer / Solution: 

This occurs because IIS is configured to serve the View application using Basic authentication. When Basic authentication is enabled in IIS, a message is displayed stating that passwords are sent in clear text. Insight therefore receives this data from IIS in that format. This is not a Kofax issue.

To resolve this, modify your IIS settings by disabling Basic authentication and enabling Windows authentication. Verify all other applications as well to secure your environment. Consult your IIS administrator about testing and the potential impact on your customers before making this change. As always, test in a lower environment first.
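
One way to script the audit and the change described above, using the IIS WebAdministration PowerShell module. This is an added example, not Kofax-supplied code; the application path `Default Web Site/Insight/View` is a hypothetical placeholder, so replace it with the path your View application actually uses.

```powershell
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$apphost = 'MACHINE/WEBROOT/APPHOST'
$basic   = 'system.webServer/security/authentication/basicAuthentication'
$windows = 'system.webServer/security/authentication/windowsAuthentication'

# Collect every site and every application beneath it, e.g. "Default Web Site/View".
$targets = foreach ($site in Get-Website) {
    $site.Name
    Get-WebApplication -Site $site.Name |
        ForEach-Object { "$($site.Name)$($_.path)" }
}

# Audit: report the effective Basic and Windows authentication state per location.
$report = foreach ($t in $targets) {
    [pscustomobject]@{
        Location = $t
        Basic    = (Get-WebConfigurationProperty -PSPath $apphost -Location $t `
                        -Filter $basic -Name enabled).Value
        Windows  = (Get-WebConfigurationProperty -PSPath $apphost -Location $t `
                        -Filter $windows -Name enabled).Value
    }
}
$report | Sort-Object Location | Format-Table -AutoSize

# Locations that still accept Basic authentication and need review.
$report | Where-Object { $_.Basic } | Select-Object -ExpandProperty Location

# Fix for one application (hypothetical path; adjust to your deployment).
$app = 'Default Web Site/Insight/View'
Set-WebConfigurationProperty -PSPath $apphost -Location $app `
    -Filter $basic -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath $apphost -Location $app `
    -Filter $windows -Name enabled -Value $true

# Confirm the new state.
Get-WebConfigurationProperty -PSPath $apphost -Location $app -Filter $basic   -Name enabled
Get-WebConfigurationProperty -PSPath $apphost -Location $app -Filter $windows -Name enabled
```

Run the audit portion first and review the output with your IIS administrator before applying the two `Set-WebConfigurationProperty` calls.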


Applies to:

Product: Insight
Version: 5.x, 6.x
Category: Security, IIS