What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
300.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Restrict passhash from being used for web login?

Votes:

0

Your Vote:

Up

Down

I plan to use API calls to pause a sensor when a machine reboots to apply updates. However, I discovered the passhash can be used to access the WebUI, eg: "https://example.com/?username=apiuser&passhash=1234567890".

This is a problem. I can't hide the hash from local admins on those servers, but I don't want them to be able to gain access to the WebUI. I found some posts on this board that indicate the hash should not work for the web interface. Is this a bug?

https://kb.paessler.com/en/topic/77509-using-http-api-without-putting-credentials-in-the-path

https://kb.paessler.com/en/topic/89434-login-interactively-to-portal-via-passhash

Thanks

api passhash webui

Created on Aug 10, 2021 5:36:57 PM by  jfrank (0) 1



1 Reply

Votes:

0

Your Vote:

Up

Down

Hello,

Thank you for your message.

As mentioned in the second KB article, call based authentication is possible (with passhash) and I'm afraid that there is no option to disable it.

Therefore, I invite you to open a feature request for it by following our guideline here: https://kb.paessler.com/en/topic/79245-how-can-i-propose-new-features-or-sensors-for-prtg

If you have questions, let us know.

Regards.

Created on Aug 11, 2021 7:57:44 AM by  Florian Lesage [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.