InTouch Password.

bin File Corruption in Some Scenarios

Tech Alert 168

InTouch Password.bin File Corruption in Some Scenarios

All Tech Notes, Tech Alerts and KBCD documents and software are provided "as is" without warranty of any kind. See the Terms of Use for more information.

Topic#: 002716
Created: December 2012

Introduction
InTouch LFSEC00000080 Security Update was released on November 28 2012 to fix a security vulnerability in the InTouch type
security password storage mechanism.

Application Versions
InTouch 10.1 SP3 Patch 01

InTouch 2012 (10.5) Patch 01

InTouch 2012 R2

Problem
Wonderware has identified a file corruption problem that arises from the application conversion process:

When upgrading an end-user application from one version of InTouch to another AND

If the Security Update LFSEC00000080 was applied previously to the earlier version.

Note that this Security Update only applies to applications that use the InTouch Type of security. Applications that use Windows
Integrated security, Smart Card or ArchestrA Type security are not affected and do not need to apply the Security Update and are not
affected by this Tech Alert.

If you created a backup of your application (as recommended) during the upgrade process, the workaround for this issue is below.

If you did not back up your application prior to conversion, you will need to reconstruct your InTouch type security user list.

The problem occurs in the following scenarios:

InTouch 10.1 SP3 Patch 01

You install the LFSEC00000080 patch for InTouch 10.1 SP3 Patch 01.

You upgrade to InTouch 2012 Patch 01. The Password.bin file remains OK but cannot be used by this version without the Security
file:///C|/inetpub/wwwroot/t002716/t002716.htm[12/20/2012 2:17:31 PM]
InTouch Password.bin File Corruption in Some Scenarios
Update installed.

You install the LFSEC00000080 Security Update for InTouch 2012 Patch 01. The new version can now read the Password.bin file.

You open your end-user InTouch application (that uses InTouch type security). InTouch will see that your application was
developed with an older version of InTouch and ask to back up your application and then convert. After the conversion process,
your converted Password.bin file will be corrupted and cannot be salvaged.

Or

InTouch 2012 Patch 01

You install the LFSEC00000080 patch for InTouch 2012 Patch 01.

You upgrade to InTouch 2012 R2. The Password.bin file remains OK but cannot be used by this version without the Security
Update installed.

You install the LFSEC00000080 Security Update for InTouch 2012 R2. The new version can now read the Password.bin file.

You open your end-user InTouch application (that uses InTouch type security). InTouch will see that your application was
developed with an older version of InTouch and ask to back up your application and then convert. After the conversion process,
your converted Password.bin file will be corrupted and cannot be salvaged.

The result in either case: The converted Password.bin will be corrupted and unusable (no recovery).

Important: Always create a backup of your application before any conversion process.

Workaround
You can replace the converted Password.bin file in your application directory with the unconverted version from the backup of your
application.

Complete the following steps after the upgrade process to the newer version of InTouch and after installing LFSEC00000080 Security
Update for the new version.

1. Open the InTouch application using View.

2. View will detect the application was developed with an older version and ask to run WindowMaker to upgrade.

3. Say Yes to the Upgrade.

4. WindowMaker will ask to back up the application.

5. Click Yes to back up the application. The unconverted end-user application (including the Password.bin file) is backed up to the
Application\BAK folder.

6. Run the end-user application upgrade.

7. Once the upgrade is complete, close View and WindowMaker.

file:///C|/inetpub/wwwroot/t002716/t002716.htm[12/20/2012 2:17:31 PM]

InTouch Password.bin File Corruption in Some Scenarios
8. Copy the Password.Bin file from the Application\BAK folder to the application folder.

9. Run View.

If you did not choose to back up your application, your only option is to delete the corrupt password.bin file in the upgraded
application, and reconstruct your application user list, passwords and access levels.

P. Forney

Tech Notes are published occasionally by Wonderware Technical Support. Publisher: Invensys Systems, Inc., 26561 Rancho Parkway South, Lake Forest, CA 92630.  There is also
technical information on our software products at Wonderware Technical Support.

For technical support questions, send an e-mail to wwsupport@invensys.com.

Back to top

�2012 Invensys Systems, Inc. All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form or by any means, electronic or
mechanical, including photocopying, recording, broadcasting, or by anyinformation storage and retrieval system, without permission in writing from Invensys Systems, Inc.
Terms of Use.

file:///C|/inetpub/wwwroot/t002716/t002716.htm[12/20/2012 2:17:31 PM]