Authorization token is invalid?
Using OpenDNS Updater v. 2.2.1 and everything has been going fine however, within the past couple of days, it is now showing "authorization token is invalid".
Ideas? Suggestions?
-
I don't like to necro a dead thread, but Google brought me here and the same may happen to others. So here is what I did when I got the same error today:
1) Relogged by clicking "Change Account" and entering my email and password2) Completely exited the app, not just minimizing
3) Restarted the app
And that fixed it for me. Hope this helps anybody else stumbling across this thread! :) -
Logging out and back in again did not resolve the issue for me. Opendns currently has a password authentication disparity -- just because you can log in via the web interface does not necessarily mean that you can a) change your password via the web interface or b) log in via the updater.
When resetting your password, they say it can be 256 characters long and must have special characters. However, my 32-character password containing the following special characters allowed me to log in via the web interface but said the password was inaccurate when I attempted to change it via the web interface. I assume that's why the updater displayed the authentication token issue to me:
/?<@#^~-=[;
Solution: On the login screen, click "Forgot password?", click the emailed link, and select a password with only the special characters they list. I also selected a shorter password. Once I did this, I was able to use the updater without getting the authentication token error message.
-
Nice work 98cr4j.
my password contained an "!" which resulted in the "authorization token is invalid" error.
Changed it to a "#" on the website and the app and all is well.
-
Thanks for the tips. Just to add on. My password had several special characters. I changed it to only include "#". After completely closing the app and then restarting and logging in, it still said "Your authorization token is invalid" until I clicked the "Update Now" button. Then the warning went away.
Mac OSX 10.14.6
OpenDNS Updater 3.0
-
The 64-bit Updater for Mac OSX: https://support.opendns.com/attachments/token/ZG3nb26d1lkp6qsxulMv5eolB/?name=OpenDNSUpdater.app.tar
-
I also got the email on Apr 22nd. It looks legit to me. Here is the content of the email:
Umbrella/OpenDNS Dynamic IP Updater Data Incident Notification You are receiving this notice as, according to our records, you are a user of the Cisco Umbrella/OpenDNS “Dynamic IP Updater” software. If an administrator contact was available, they are in the CC line of this email. Please see the bottom of this message for account information we have on file.
On 13 April 2020, Cisco became aware that an Umbrella/OpenDNS diagnostics site was publicly accessible. We immediately disabled public access to the site and determined that some log events within the Dynamic IP Updater system were partially visible between March 26, 2020 and April 13, 2020.
As a precaution, we have taken steps to help protect the security of your account and your action is required to restore full functionality. Cisco is committed to transparency and this communication provides further detail about this incident along with further instructions.
Incident Analysis
Upon notification, access to the Umbrella/OpenDNS diagnostics site was immediately disabled and Cisco confirmed it is no longer publicly accessible. After a comprehensive log review, we determined that a limited number of unauthorized users may have viewed log events that included the Dynamic IP Updater API Token.
This token data could be exploited to review and/or modify Umbrella/OpenDNS configurations and view event history. While Cisco has seen no anomalous API token use within our system logs, we have also taken the precautionary measure of revoking the API token to protect the security of your account. You must follow the API Token Re-Generation instructions below to restore full functionality.
For reference: The API Token is automatically generated when a new account is created. The API Token does not generally require any action to be taken by a user to manage. In this instance, the Token must be regenerated since the Umbrella/OpenDNS staff revoked your API Token to protect your account’s security.
Action Required: API Token Re-Generation
Revoking the API token prevents the Dynamic IP Updater client from updating the registered IP address. To restore full functionality, you will need to take the following steps for each instance of the Dynamic IP Updater:
1) Open the OpenDNS Dynamic IP Updater client
2) Click “Change Account”
3) Sign in again
Detailed steps are outlined on this page:
https://support.opendns.com/hc/en-us/articles/227987807- How-to-configure-the-OpenDNS- Dynamic-IP-Updater-Client
Should you encounter any issues or are having difficulty reconnecting your client, please contact Umbrella Support at umbrella-support@cisco.com.
Please note that if you do not regenerate the API token(s) as described, Cisco Umbrella/OpenDNS will no longer provide expected functionality as the security and content policies will be automatically set to an unconfigured state.
Action Timeline
Here is a summary of our actions taken:Date Action taken 26 March 2020 Umbrella/OpenDNS diagnostic site became publicly available due to network configuration change 13 April 2020 Cisco notified about unintended public access to diagnostics site 13 April 2020 Cisco disabled access to site and began identification of impacted users 14 April 2020 Further mitigation taken to eliminate possibility of token misuse 22 April 2020 API tokens revoked; customers notified
Cisco takes any data security incident very seriously and we are committed to quickly remediating such issues. Internally, we are working with the involved teams to assess why this occurred and what steps we can take to avoid a similar incident in the future. We are very sorry for any inconvenience or concern this incident may have caused.
Please contact Cisco by replying to this email or contacting your account team if you have questions or would like to discuss further.
Sincerely,
Cisco Data Protection team
We have the installer and related details noted as
email: <my details redacted>
Please sign in to leave a comment.
Comments
23 comments