Mistery values in Authorization tab

On the “Authorization” tab, I change type from the default, to “Basic” and a string of characters automatically appears in both the username and password fields. Where did this text come from? ( I did not enter any key-value pairs in Parameters, Header nor Body) Thanks in advance.

Hi @RedOctober2020,

Welcome to the community! :clap:

Great question. From my experience, at some point, those credentials were entered, and as a convenience, postman auto fills those credentials in there. I would check if you have any other request that you have put in credentials for, and see if they match up. Otherwise, I have not seen this experience where they come out of the blue.

Hope this helps!

Orest

Hi Odan. Yes I assumed these values came from a pre-entered key-value pair, but I cannot find where. I’ve checked Parameters, Header and Body. I guess my question shd be: “Where else in Postman are these values entered, besides Parameters, Header and Body?”

Hi @RedOctober2020,

So these values should be found in another Request, (Or possibly at the Collection level), in the Authorization tab. Some other request or collection should have those basic auth key value pair set.

If not, it might have been set at one time before and not anymore. I can’t confirm if it will autofill even after credentials have been removed at the request that initially put in those credentials. Other than that, I can’t think of anywhere else you would find them.

Thanks,
Orest

Does anyone else have any ideas where these values are coming from. I create a new collection, I create a new request, I set Auth to Basic… and boom… those mystery values appear in Username and Password. I tried to decode them from MIME… they are not MIME values, they are just strings. I need to solve this, bc I’m completely stuck until I find out where those values are coming from.

Hi @RedOctober2020,

Depending on how much of a concern it is for you, you can also just uninstall and reinstall the Postman app. If anything, that should clear any cached credentials.

@dannydainton, is there anything you can chime in here that I may have missed?

Sorry just skimmed this and not really up to speed with what’s been discussed yet.

If you select that Authentication helper, it will automatically preview the header. That header will be a base64 encoded value so that might explain the ‘mystery characters’ as probably encoding some whitespace or something :man_shrugging:

At no point in the thread has there been an actual visual clue to show people what’s going on so without an image, it’s like Chinese whispers sometimes :grin:

Are you able to provide that as “a picture paints a thousand words” :grin:

Is this what you’re seeing?

Screenshot 2020-08-08 at 18.37.20

The Og== value is a : character which is the divider between the username and password.

This site will help: https://www.base64decode.org

I’m confused as to why this is a problem if you’re not using that form of Authentication - If you are using it, are you no just using the actual values you want in there?

1 Like

I am a new user so your system doesn’t allow me to upload an image. The values in question are on the Authorization tab, (not the header tab shown in your image) … username and password. I have checked at the Environment level (there is no environment), collection level,(/edit… nothing set there), … I don’t know where else to look. Every time I create a new request, those values are automatically populated against my will. What’s weird is the values actually work. They get me a 200 OK when I hit the server. But I don’t know who’s account I’m logging into successfully.

What are the values?

I don’t think you’ve show those yet right? I might be mistaken. :grin:

Have you tried clearing the Workspace history or moving the collection to a new workspace?

There are certain things that are populated by the history of the Workspace, like URLs when you start creating a new request so there might be something within an older request that’s doing the same thing here.

I’m just guessing at things here because I have no idea what you’re seeing :grin:

I’m unable to upload an image due to me being a new user, however, the image I tried to upload, I removed the values, so they could not be used by others. they are valid creds and they let me into RingCentral… but like I said, I did not enter them, so they are not my creds. They are someone elses’s valid creds.

Hi @RedOctober2020,

Thanks for sharing the extra details. To be honest, I don’t think there is much other way we can help figure this out. This kinda gets into a moral dilemma, and might be useful to somehow notify this user that their credentials were leaked somehow.

As to how they got into Postman, I don’t think anyone can really give you a solid answer, and would require a bit of analysis on your computer to see what may have happened, while I doubt they came from Postman, I know strange things do happen.

If anything and you can somehow consistently reproduce this error, then you can log it bug (a pretty serious one at that), but otherwise, I still stand with reinstalling the app. Thats basically all I can think of that I would do.

Best,
Orest