Can't create passwords when using the wifi hotspot on a train

I was trying to work on the train (ICE in Germany) and create a new password. I could login into passbolt but when I tried to add a new password I got:

An internal error occurred. The server response could not be parsed. Please contact your administrator.

I then connected to the mobile hotspot of my phone and I could create passwords just fine. Then I connected to the train hotspot again and got the same behavior. Reading passwords works without issues.

I sshed into the server running passbolt and it contained the following error in the error log:

2020-12-30 19:01:36 Error: [App\Error\Exception\ValidationException] Could not validate resource data. (/mnt/web522/b0/95/54349495/htdocs/jCdixtfscl5bShnKBm6X/src/Controller/Resources/ResourcesAddController.php:162)

Request URL: /resources.json?api-version=v2&contain%5Bpermission%5D=1

I also hacked the ResourcesAddController.php and var_dumped the $errors and $resource variable. All the fields in the $resource object where empty.

$errors:
array(2) {
[“name”]=>
array(1) {
["_required"]=>
string(19) “A name is required.”
}
[“secrets”]=>
array(1) {
["_required"]=>
string(21) “A secret is required.”
}
}

I’m not adding the $resource variable out of security concerns. I don’t know if there is any secret data contained in it.

Any idea what could cause this? This is not really a problem for me, but I though you might interested in this bug report. I really like your software. I’m running passbolt version 2.13.5.

Hi @gellweiler

Based on your description, if it works okay when you are on mobile but not okay when using the train hotspot, then maybe it is not a Passbolt problem but rather a result of the train network?

The error is triggered if there is no information passed when a password is being saved - and I think is confirmed with the $errors you are reporting - this mirrors the error response when click Create on the Create a Password dialog with blank fields.

But why this would happen if your fields were not blank when creating, I am not sure.

@gellweiler It seems like an network issue, like your requests are being rewritten, maybe some headers or post data are dropped hard to tell. Generally it is a bad idea to access sensitive data over a shared wifi network. I recommend setting up a VPN for this kind of situation when you have to travel and use public wifi, or stick to your phone hubspot, that should also take care of the problem.

It is definitely related to something the train does.

But I’ve setup the server to use HTTPS and the certificate was valid. So I don’t see how the train network could have modified any POST requests. And since all requests go to the same domain I also don’t see how they could have blocked any requests. Or are you using any other protocols then http(s) for communication, maybe WebSockets? I’ve had some issues related to (transparent)-proxies with websockets in the past.

I get that a VPN is always a good idea when on a public network and this is a fine solution for me and I should have done that. But this is something I can’t really ask my nontechie clients to do. One of the things I like about passbolt is, that it should be secure even in these kind of circumstances. Provided their devices are free of malware. But as long they can copy passwords to the clipboard when they are in a public hotspot that is fine with me.

Hello,

Passbolt extension doesn’t use websockets. The error in the extension is basically saying the server is not responding with JSON format, typically this can happen with “504 Gateway Timeout” scenarios. The fact that you have no data received on the server side makes me think some data is lost, maybe the train network drops packets, or triggers some TCP/IP connection timeout. This or another service in front of your passbolt doesn’t like the latency, honestly I have no clue.

A timeout sounds plausible. But since I can’t reproduce I guess this issue can get closed.

Thanks again for providing this great piece of FOSS.

1 Like