WcfDataService Log Shows Windows User Passwords in Clear Text
Article # 307312 - Page views: 102
307312
Question / Problem:
Why are Windows passwords recorded in clear text in Insight's WcfDataService log file?
Answer / Solution:
This occurs because IIS is configured to serve the View application using Basic authentication. When enabling Basic authentication in IIS, a message clearly displays stating that passwords are sent in clear text. Therefore, Insight receives this data from IIS in this format. This is not a Kofax issue.
To resolve this, modify your IIS settings by disabling Basic authentication and enabling Windows authentication. Verify all other applications as well to secure your environment. Consult your IIS administrator for testing and potential impact to your customers before making this change. As always, test in a lower environment first.
Applies to:
Product | Version | Category |
---|---|---|
Insight | 5.x, 6.x | Security, IIS |