Support

Values for Job Variables marked as "hidden" can be revealed to unauthorized users

Article ID: K00000637
Last Updated: December 4, 2024

Applies To

adTempus 4 Versions 4.0 and later
adTempus 5 Versions 5.0 and later

Summary

When a Job Variable has the "Hide value from users" option checked, the variable's value is concealed in the variable properties window and in variable lists in the Console. However, it can be viewed in other places.

More Information

The "Hide value from users" option was introduced to prevent unauthorized users from easily viewing the values of sensitive Job Variables within the Console. When this option is checked, the value is masked in the variable properties and in lists where variables are shown.

Users with Modify permission for the variable (or the object to which it belongs) are able to reveal the value in the properties window, but users with View permission are not.

However, users without Modify permission can still discover the value of the variable in other places within the Console where the value is not being properly masked, including:

Object Configuration Reports
Data exports
Object version comparison reports

Resolution

adTempus has been modified to provide stronger protection for hidden Job Variables to protect them from disclosure to unauthorized users.

The Console has been updated to show a mask value ("********") for hidden values in all locations where variables are shown.
The server has been updated to remove or protect the values being sent to the Console (or other client applications), to prevent disclosure through older versions of the Console.

At a minimum, administrators should update the adTempus server to protect these values. Console installations should be updated in order to support new export format rules (see below).

Details and Side-Effects

Several changes have been made to protect this information.

Protection from unauthorized viewers

The server no longer sends the values of hidden variables to the Console (or other client applications) for users who do not have permission to Modify the variable or its owner. This ensures that the information cannot be viewed using the client API or older Console versions.

Users with older client applications will see empty values for hidden variables; users with updated client applications will see a mask value.

Optional protection from all users

In the previous implementation of hidden variables, users with Modify permission are able to view the hidden variable values and set new values.

With this update, by default no users are able to reveal hidden variable values. Users with Modify permission are still able to set new values but cannot view the existing value.

This behavior is controlled by the "DataProtection:AllowRevealOfHiddenVariableValues" Advanced Server Option. Change this setting to "true" to allow users with Modify permission to reveal the current variable value. In either case users with only View permission cannot reveal the value.

Optional restrictions on searching hidden values

Users with Modify permission by default are able to search and replace hidden variable values. To prevent searching and replacing in hidden values, set the "DataProtection:AllowSearchInHiddenVariableValues" Advanced Server Option to "false". When searching is disabled, hidden variable values will not be included in find/replace operations.

Regardless of this setting, users with View permission are not able to search for text in hidden variable values.

Export file encryption and restrictions

In previous versions, hidden job variable values are not protected in data export files. Beginning with this version, hidden values are by default encrypted in the same way that passwords are encrypted, providing protection against disclosure. However, prior versions of adTempus will not be able to read the encrypted values, so the "DataProtection:RequireHiddenVariableEncryptionInExport" Advanced Server Option option can be set to "false" to allow unencrypted export to provide backward-compatibility.

In the Export window in the Console, new export formats have been added to support these options (see documentation for version 4 and version 5). If the "DataProtection:RequireHiddenVariableEncryptionInExport" option is "true" and you attempt to export to one of the formats that does not support encryption of hidden values, the export will fail if the data contains variables with hidden values. If there are no hidden variable values, the export to the older format will be allowed.

Availability

This fix is available in adTempus 4.10.1 (available to all users with a 4.x license) or adTempus 5.0.5 (available to all users with a 5.x license) and later.

adTempus 4
This issue has been resolved. Resolved in version 4.10.1.
adTempus 5
This issue has been resolved. Resolved in version 5.0.5.