RE: [spectrum] Bypass Spectrum Authentication

Fri, 13 Apr 2012 13:47:39 -0700 

Well I understand that privilege and roles play a key role in Spectrum, like 
you can hack oneclick.jnlp not to challenge for password, I was wondering if 
there is a way to hack the web authentication. Looking at the code of 
topology.applet I was wondering if I could change the code to permantly put 
credentials there that would be awesome….

  <!-- To enable timeout in the applet use the -->
  <!-- the OneClick Client Configuration -->
  <!-- Administration web page. -->
  <param name="timeout" value="$$timeout">
  <param name="loginTitle" value="$$logintitle">
  <param name="jsessionid" value="$$jsessionid">
  <param name="user" value="$$user">

  $$objparams
  $$ssoobjparams
  <comment>
    <embed
      type="application/x-java-applet;version=1.6"
      code="com.aprisma.spectrum.app.topo.client.applet.TopologyApplet"
      width="800" height="500"
      archive="$$archive"
      pluginspage="console/install-java.jsp"
      timeout="$$timeout"
      loginTitle="$$logintitle"
      jsessionid="$$jsessionid"
      user="$$user"
      $$embedparams
      $$ssoembedparams >
      <noembed>



Saurabh Bohra
O: 860-766-0842  |  M: 860-385-3597  |  e-mail: [email protected]

From: Altuğ Gür [mailto:[email protected]]
Sent: Friday, April 13, 2012 4:26 PM
To: Bohra, Saurabh
Cc: spectrum
Subject: Re: [spectrum] Bypass Spectrum Authentication

I believe no, since user privileges play a key role in Spectrum. As far as I 
know, there is no method to embed credentials into a URL either.
Altug Gur

Lähetetty iPhonistani


On 13.4.2012, at 11.22 ip., "Bohra, Saurabh" 
<[email protected]<mailto:[email protected]>> wrote:
All,

Is it possible to bypass Spectrum Web Authentication and launch topology applet 
without being challenged for credentials. I want to publish direct links to few 
of our Global collections and do not want users to get challenged for 
credentials, is this possible. A sample link could be as follows.

http://oneclick:8080/spectrum/topology.applet?mh=0x1000d4

thanks,

Saurabh Bohra
Sr. Network Mgmt Systems Analyst
ESPN Inc.
O: 860-766-0842  |  M: 860-385-3597  |  e-mail: 
[email protected]<mailto:[email protected]>


 *   --To unsubscribe from spectrum, send email to 
[email protected]<mailto:[email protected]> with the body: unsubscribe spectrum 
[email protected]<mailto:[email protected]>

---
To unsubscribe from spectrum, send email to [email protected] with the body: 
unsubscribe spectrum [email protected]

Reply via email to