Interesting case today: a customer uses Imprivata for two-factor logon in combination with Citrix XenApp.

Users reported that logons failed after they had changed their password. After contacting the users we learned that this only happened with special characters in the password like ! and +.

To do the actual logon to Citrix, Imprivata uses an executable which is actually an AutoIt script compiled to an executable.

After authentication the executable gets the password from the Imprivata Appliance.

I decompiled the executable to source and read the line that passes the password to XenApp:

I then checked the AutoIt documentation for the ControlSend function and learned there’s an extra parameter Flag with a default value of 0. This flag determines how keys are processed.

When Flag = 0 (default), special characters like + are used to indicate moving the cursor or indicate SHIFT. When Flag = 1 the keys are sent raw, which is what we need for the password.

I changed the line to:

And now it works fine!
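To reproduce the ControlSend Flag behaviour described above without touching the logon executable, the following added example (not Imprivata's script and not the line from the decompiled source) sends a constructed string to a local test window and compares what arrives. The window, the sample string and the function names are assumptions made for the illustration.

```autoit
; Added example: round-trips a constructed string through ControlSend
; into a local test window to compare the two Flag modes.
#include <GUIConstantsEx.au3>

; Constructed sample containing Send-syntax characters; not a real password.
Global Const $sSample = "Pa!ss+w0rd"

; Hypothetical test window with a single input control.
Global $hGui = GUICreate("ControlSend flag test", 320, 50)
Global $idInput = GUICtrlCreateInput("", 10, 10, 300, 24)
GUISetState(@SW_SHOW, $hGui)

Report("flag 0, unescaped", $sSample, 0)
Report("flag 0, escaped", EscapeForSend($sSample), 0)
Report("flag 1, raw", $sSample, 1)
GUIDelete($hGui)

; Sends $sKeys to the test input and returns what the control received.
Func RoundTrip($sKeys, $iFlag)
    GUICtrlSetData($idInput, "")
    ControlSend($hGui, "", $idInput, $sKeys, $iFlag)
    Sleep(250) ; give the queued keystrokes time to arrive
    Return GUICtrlRead($idInput)
EndFunc

; Prints whether the received text matches the sample (case-sensitive).
Func Report($sLabel, $sKeys, $iFlag)
    Local $sGot = RoundTrip($sKeys, $iFlag)
    Local $sVerdict = ($sGot == $sSample) ? "OK" : "MANGLED"
    ConsoleWrite($sLabel & ": " & $sVerdict & " (received '" & $sGot & "')" & @CRLF)
EndFunc

; Alternative to Flag = 1: wrap ! + ^ # { } in braces so the default
; mode sends them as literal characters.
Func EscapeForSend($sText)
    Return StringRegExpReplace($sText, "([!+^#{}])", "{$1}")
EndFunc
```

Running the same comparison with the characters your password policy allows shows which of them need raw mode or escaping before a password change reaches production.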