Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Protection REST API calls fail with 401 errors.

Cb Protection REST API calls fail with 401 errors.

Version
Cb Protection 8.0.2322 Patch 4


Issue

REST API calls fail with 401 errors.

Symptoms

1. REST API script fail to connect to the Cb Protection server.

2. IIS server log shows "401" errors

#Software: Microsoft Internet Information Services 7.5

#Version: 1.0

#Date: 2017-08-17 11:06:50

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken

2017-08-17 11:06:50 172.25.86.109 GET /api/bit9platform/v1/computer limit=-1&q=deleted:False&q=template:False 443 - 172.25.86.109 Mozilla/5.0+(Windows+NT;+Windows+NT+6.1;+en-US)+WindowsPowerShell/5.0.10586.117 401 0 0 17067

2017-08-17 11:06:50 172.25.86.109 GET /login.php - 443 - 172.20.11.211 B3M/prober 200 0 0 1216

2017-08-17 11:06:50 172.25.86.109 GET /api/bit9platform/v1/computer limit=-1&q=deleted:False&q=template:False&q=connected:True 443 - 172.25.86.109 Mozilla/5.0+(Windows+NT;+Windows+NT+6.1;+en-US)+WindowsPowerShell/5.0.10586.117 401 0 0 0


3. API log shows this error:

2017-08-18T15:13:21.1508290Z,"Authorization:AuthorizeRequest:",""

2017-08-18T15:13:21.1664292Z,"Authorization:X-Auth-Token path.:",""

2017-08-18T15:13:21.1664292Z,"UnauthorizedAccess:reason:Invalid or missing API Token, Get:fileCatalog:","

Cause
The Cb Protection REST API authentication defaults to the built-in "admin" account.

For authentication to work, this admin account requires a role be assinged to it which includes the "Manage Users" permission .

If that permission is missing an authentication token cannot be assigned and the auth fails with 401 error.


Solution

Assign the admin account a role that includes "Manager Users" permission.

Important Note(s)

It does not matter if the "admin" account is enabled or disabled. Only a role with "Manage Users" permission is required.
This is defect EP-2752 that will be fixed in a future release.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎08-21-2017
Views:
765
Contributors