is there any way I can monitor what username:password combination are being sent to grafana in the login page? This would be especially useful in security terms - so I am able to what username:passwords are being tried and possibly determine if someone are just random or not.
I have grafana self-hosted.
I doubt it. If any application did expose passwords that would be something no one would ever use
But look at the grafana log for failed logins
Yes, that would be a security issue. But at least failed logins could be shown which would not be such an issue cause those do not belong to anyone.
What do failed logins show and how can I find them?
Thank you very much
logger=context traceID=00000000000000000000000000000000 userId=0 orgId=0 uname= t=2022-10-11T19:14:55.1880863-07:00 level=error msg=“Invalid username or password” error=“invalid username or password” remote_addr=[::1] traceID=00000000000000000000000000000000
Will try, thanks.
Will this also show what was the incorrect password attempt?
nope. as mentioned before. such an app would be useless to me at least
Thank you for the reply
Would you be ok if your bank captured such details? Would you stay with such a bank that saves your password to clear text?
I understand why it is a security vulnerability. But at the same time, at the moment, I do have a need for it which is specific, so hence why I am asking for it.