
FileMaker Server 12 Email notification reveals user password

Question asked by PhilHolden on Dec 13, 2012

Summary

FileMaker Server 12 Email notification reveals user password

Product

FileMaker Server

Version

12.0.2.232

Operating system version

10.8.2

Description of the issue

I'm just setting up this server for the first time. I set up Email Notifications in the server admin console for warnings and errors.

The email I receive reveals the user's password in plain text. I've removed the password in the example below. Here authentication failed because I'm converting files from .fp5 to .fmp12 (via .fp7) and the file now needs a user name and password. The password was passed from a related file that opens this file. So it is the correct password for the solution and I wouldn't want it revealed.

Once I have debugged my system it is unlikely to be repeated but by then it could be too late.

Example ==============================================
FileMaker Server 12.0.2.232 on server.local reported the following event:

2012-12-13 10:26:50.096 +0000     Warning     661     server.local     Client "Phil Holden (Phil Holden’s Mac Pro) [192.168.1.64]" authentication failed on database "batchlookup.fmp12" using "password [fmapp]".


Contact information not specified.
===================================================

Steps to reproduce the problem

We will change the passwords before we go into production so this is not an issue for us but it might be for someone else.

Expected result

Passwords should never be revealed in notification emails - ever!

Actual result

N/A

Exact text of any error message(s) that appear

FileMaker Server 12.0.2.232 on server.local reported the following event:

2012-12-13 10:26:50.096 +0000     Warning     661     server.local     Client "Client Name (Client Names’s Mac Pro) [192.168.1.64]" authentication failed on database "filename.fmp12" using "password [fmapp]".


Contact information not specified.

Workaround

I've not found any. The password entered is not relevant. I want to be able to not send the password entered in plain text in an email as this is a security hole. Even if the password is wrong it could give a clue to someone you don't want to get clues.
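
Added example, not part of the original post and not FileMaker code: a filter that masks the quoted value after `using` on event 661 lines, for anyone who relays these event lines onward (to a mailbox, ticket system or log collector) through a script of their own. The function names, the mask string and the sample body are assumptions made for this example; the line layout is the one quoted in the post.

```python
import re

# Layout of the event line quoted in the post:
# timestamp, severity, event id, host, message (tab- or space-separated).
EVENT_RE = re.compile(
    r'^(?P<head>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ [+-]\d{4}\s+'
    r'\w+\s+(?P<event_id>\d+)\s+\S+\s+)(?P<message>.*)$'
)
# Quoted value after "using", ending in a bracketed tag such as [fmapp].
# The greedy match keeps values that contain spaces or quotes in one piece.
USING_RE = re.compile(r'using "(.*) (\[[^\]"]*\])"')

AUTH_FAILED_EVENT = "661"  # event id in the post's example
MASK = "<redacted>"        # hypothetical mask string


def redact_line(line):
    """Return (line, changed) with the value after 'using' masked on 661 events."""
    m = EVENT_RE.match(line)
    if not m or m.group("event_id") != AUTH_FAILED_EVENT:
        return line, False
    message, n = USING_RE.subn(
        lambda u: f'using "{MASK} {u.group(2)}"', m.group("message"))
    return m.group("head") + message, n > 0


def redact_notification(body):
    """Redact every event line in a notification body; count masked lines."""
    out, masked = [], 0
    for line in body.splitlines():
        new, changed = redact_line(line)
        out.append(new)
        masked += changed
    return "\n".join(out), masked


# Constructed sample body; the credential value is made up for this example.
SAMPLE = (
    "FileMaker Server 12.0.2.232 on server.local reported the following event:\n"
    "\n"
    '2012-12-13 10:26:50.096 +0000\tWarning\t661\tserver.local\tClient "A User '
    '(Mac Pro) [192.168.1.64]" authentication failed on database '
    '"filename.fmp12" using "s3cret "quoted" value [fmapp]".\n'
    '2012-12-13 10:27:02.311 +0000\tInformation\t0\tserver.local\t'
    'Constructed non-auth line using "keep [me]".\n'
)

if __name__ == "__main__":
    text, count = redact_notification(SAMPLE)
    print(text, "\nmasked lines:", count)
```

Lines with any other event id pass through unchanged, so the filter only touches the authentication-failure message shown above.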
