The Security Issue with Some User Account Passwords [fixed]


Fixed

The security issue is fixed in PRTG version 18.1.38. Please update PRTG to the current version. Download the software here.

Important Notice: This issue affects PRTG version 17.4.35 (17.4.35.3326) through 18.1.37. Previous versions are not affected.

What exactly is the issue?

An internal PRTG Network Monitor error caused some Active Directory integrated PRTG user account passwords, and some other account passwords from the PRTG System Administration, to be stored in the configuration file PRTG Configuration.dat in plain text instead of encrypted. We have fixed this issue as of PRTG version 18.1.38.

Which passwords were affected?

Only the Active Directory integrated PRTG user account passwords of users that logged into PRTG for the first time after the affected version was installed were exposed.

Other possibly exposed passwords include the following passwords from the PRTG System Administration:

  • Active Directory integration account password
  • Proxy password
  • SMTP relay password - primary server
  • SMTP relay password - fallback server
  • SMS delivery password
  • Messenger passwords (from deprecated PRTG versions)

If your version was affected, you will receive a ToDo ticket from PRTG including a list of the affected Active Directory integrated PRTG user accounts and other accounts.

Note: If a user account was deleted in a PRTG Network Monitor version after 17.4.35.3326 (released November 16th, 2017), it will not appear in the list.

What should I do?

We highly recommend that you immediately do the following:

  • Inform affected users that they need to change their exposed passwords. They should also check if they use these passwords for other services.
  • Change the affected passwords on the target systems and in PRTG (under Setup | System Administration | Core & Probes or Notification Delivery).
  • Delete all daily configuration backup copies. This includes all copies generated by PRTG Network Monitor version 17.4.35.3326 or later in
    • C:\ProgramData\Paessler\PRTG Network Monitor\Configuration Auto-Backups
  • Delete the following automatically generated copies of the configuration file if they exist:
    • C:\ProgramData\Paessler\PRTG Network Monitor\PRTG Configuration.old
    • C:\ProgramData\Paessler\PRTG Network Monitor\PRTG Configuration.nul
  • If you run PRTG in cluster mode, delete the configuration backups in the PRTG data path on every failover node.
  • Delete any additional copies of the PRTG Configuration.dat that you may have made for backup purposes. Depending on your backup strategy for the PRTG core server instance, this can affect snapshots of virtual machines or any file-based backups (for example, Veeam).

See the article How and where does PRTG store its data? if you do not use the default PRTG data path.
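As an added check that is not part of this article or of PRTG itself: the following PowerShell script reports, without modifying anything, which of the password fields listed above still carry a non-empty value in the live configuration file, in the .old and .nul copies, and in each zipped auto-backup (so it also confirms that cleaned or restored backups are really free of them). It assumes the default PRTG data path and uses the same element names as the cleanup script in this article; the password values themselves are never printed.

```powershell
Add-Type -AssemblyName System.IO.Compression.FileSystem

# Assumption: default PRTG data path (adjust it if you moved the data directory)
$dataPath = 'C:\ProgramData\Paessler\PRTG Network Monitor'
# Configuration elements that the affected versions wrote in plain text
$fields = 'proxypass','smtppassword','smtppassword2','smspassword','icqpassword',
          'msnpassword','yahoopassword','aimpassword','twitterpassword','adpass','addomainpass'
$xpath  = ($fields | ForEach-Object { "//$_" }) -join ' | '

function Get-ExposedFields([xml]$config, [string]$source) {
    # One record per affected element that still holds a value; only its length is reported
    foreach ($node in $config.SelectNodes($xpath)) {
        if (-not [string]::IsNullOrWhiteSpace($node.InnerText)) {
            [pscustomobject]@{ Source = $source; Field = $node.Name; Length = $node.InnerText.Length }
        }
    }
}

$results = New-Object System.Collections.Generic.List[object]

# Live configuration plus the automatically generated copies named above
foreach ($name in 'PRTG Configuration.dat', 'PRTG Configuration.old', 'PRTG Configuration.nul') {
    $file = Join-Path $dataPath $name
    if (Test-Path $file) {
        $results.AddRange(@(Get-ExposedFields ([xml](Get-Content $file -Raw)) $name))
    }
}

# Zipped daily backups: the .dat entry is read from each archive in memory, nothing is extracted to disk
$backupDir = Join-Path $dataPath 'Configuration Auto-Backups'
foreach ($zip in Get-ChildItem -Path $backupDir -Filter '*.zip' -ErrorAction SilentlyContinue) {
    $archive = [System.IO.Compression.ZipFile]::OpenRead($zip.FullName)
    try {
        $entry = $archive.Entries | Where-Object { $_.Name -eq 'PRTG Configuration.dat' }
        if ($entry) {
            $reader = New-Object System.IO.StreamReader($entry.Open())
            try { $results.AddRange(@(Get-ExposedFields ([xml]$reader.ReadToEnd()) $zip.Name)) }
            finally { $reader.Dispose() }
        }
    } finally { $archive.Dispose() }
}

if ($results.Count -eq 0) { 'No plain-text password fields found.' }
else { $results | Format-Table -AutoSize }
```

Run it as an administrator on the core server (and on every failover node in a cluster); backups stored elsewhere, such as VM snapshots or file-based backups, are not covered by it.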

What can I do if I don't want to or cannot completely delete my backup files?

If you do not want to or cannot completely delete your backup files, you can use the following PowerShell script. The script searches each backup for the unencrypted password fields, clears them, and saves the cleaned backup with the suffix -fixed in the backup folder.

Important: These new backup files cannot be used as backups unless you reenter valid credentials. You also still need to manually delete the original backup files.

  • Open PowerShell ISE as an administrator.
  • Copy and paste the following script and run it via F5.
Add-Type -AssemblyName System.IO.Compression.FileSystem
# PRTG data path from the registry, then the auto-backup folder below it
[string] $dataDirectoryPath = ((Get-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Paessler\PRTG Network Monitor\Server\Core" -Name "Datapath").DataPath) + "Configuration Auto-Backups\"
# temporary working folder used to extract one backup at a time
[string] $tempPath = "C:\temp\prtg.config.fix\"
# only the original zipped backups; -fixed.zip files from an earlier run are skipped
$backups          = @(Get-ChildItem -Path $dataDirectoryPath -Filter "*.zip" | Where-Object { $_.Name -notlike "*-fixed.zip" })
[int]$backupCount = $backups.Count

#region functions
function This-FixConfiguration($file){
    # extract the configuration and load it as XML
    [System.IO.Compression.ZipFile]::ExtractToDirectory($file.FullName, $tempPath)
    [xml]$configurationFile = (Get-Content (Join-Path $tempPath "PRTG Configuration.dat"))

    # remove every node that holds one of the affected passwords (one pass over the XPath result)
    foreach($node in ($configurationFile.SelectNodes("//proxypass | //smtppassword | //smtppassword2 | //smspassword | //icqpassword | //msnpassword | //yahoopassword | //aimpassword | //twitterpassword | //adpass | //addomainpass"))) { $node.ParentNode.RemoveChild($node) | Out-Null }

    # save the cleaned configuration to the temporary folder and zip it as <name>-fixed.zip
    $configurationFile.Save((Join-Path $tempPath "PRTG Configuration.dat"))
    [System.IO.Compression.ZipFile]::CreateFromDirectory($tempPath, ($file.FullName -replace '\.zip$', '-fixed.zip'))

    # remove the extracted configuration from the temporary folder before the next backup
    Remove-Item (Join-Path $tempPath "PRTG Configuration.dat")
}
#endregion

# status messages for the console
Write-Host "[$(Get-Date)] " -NoNewline
Write-Host "   INFO  " -BackgroundColor Gray  -ForegroundColor Black -NoNewline
Write-Host " Checking $backupCount configuration backups..."
foreach($backup in $backups){ This-FixConfiguration $backup | Out-Null }
Remove-Item $tempPath -Recurse -Force
Write-Host "[$(Get-Date)] " -NoNewline
Write-Host " SUCCESS " -BackgroundColor DarkGreen -ForegroundColor White -NoNewline
Write-Host " All configuration backups have been cleaned up and saved with a -fixed extension in the backup folder."

  • Your fixed backup files do not contain any passwords.
  • You still need to manually delete the original backup files.