Katalon Authentication parameters get mixed up


#1

I’m having trouble using Katalon to test a web application that is behind basic authentication. I saw in the documentation and from other questions that the Authenticate keyword can be used for this; however, it just isn’t working for me. For some reason the password seems to be getting passed as the username and “{2}” is being passed as the password. Could I be doing something wrong? Is there any way I can get past this?

KatalonAuthenticateCode.PNG

KatalonAuthenticateMessage.PNG

KatalonAuthenticateGUI.PNG


#2

Hi! Though I can successfully log in to my web application with WebUI.authenticate, I can confirm that in the log viewer the parameters are displayed mixed up.
“Authentication with username ‘examplepassword’ and password ‘{2}’ successfully.”

Highly sensitive data is exposed in the logs, and when running a test suite the password value also gets saved, e.g. into execution0.log.

I really wonder why more people are not commenting on this security issue, and I would highly appreciate it if this got fixed.

Meanwhile I will need to have a look at AutoIt to get past the basic authentication because as it is I sadly can’t use authentication from Katalon…
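Added example, not part of the thread and not Katalon code: a Python sketch for scrubbing the authentication message quoted above from saved execution logs such as execution0.log. It masks both quoted fields, because with the mix-up described here the password sits in the username slot; the message pattern is assumed from the single line quoted in this post, and the sample input is constructed.

```python
import re

# Pattern assumed from the one message quoted in the thread. Straight and
# curly single quotes are both accepted, since the forum may have restyled them.
AUTH_LINE = re.compile(
    r"(Authentication with username [‘’'])(.*?)"
    r"([‘’'] and password [‘’'])(.*?)"
    r"([‘’'])(?= successfully)"
)


def redact_line(line):
    """Return (redacted_line, leaked) for one log line.

    Both quoted fields are masked: masking only the 'password' field would
    leave the real secret in place when the parameters are swapped.
    """
    def mask(m):
        return m.group(1) + "***" + m.group(3) + "***" + m.group(5)

    new_line, count = AUTH_LINE.subn(mask, line)
    return new_line, count > 0


def redact_log(text):
    """Redact every authentication message; return (clean_text, hit_line_numbers)."""
    cleaned, hits = [], []
    for number, line in enumerate(text.splitlines(), 1):
        new_line, leaked = redact_line(line)
        cleaned.append(new_line)
        if leaked:
            hits.append(number)
    return "\n".join(cleaned), hits


# Constructed sample in the shape of the quoted message (not a real log file).
SAMPLE = (
    "INFO - test step 1 started\n"
    "INFO - Authentication with username 'examplepassword' and password '{2}' successfully.\n"
    "INFO - test step 1 finished\n"
)

if __name__ == "__main__":
    clean, hits = redact_log(SAMPLE)
    print(clean)
    print("lines that contained credentials:", hits)
```

A non-empty hit list means the credential reached the log in clear text, so the password should be rotated in addition to scrubbing the file.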


#3

I agree that the password as clear text in the log is unacceptable. We also used this keyword once temporarily, but then changed back to the original authentication - for other reasons. However, I also needed something until the keyword worked. Maybe Katalon can explain here which format or similar the parameters have to have and if the log can be changed accordingly.


#4

Thanks for your feedback. As a workaround I’m using AutoIt now. Nevertheless, I hope that a solution is found for this issue.