[BUG] "Sensitive command hostname" & "Sensitive command username" or "Sensitive Command Information" missing from alerts about canarytokens HOT 9 CLOSED

2nd side note. I now notice the positioning of "Sensitive command hostname" & "Sensitive command username" is inconsistant. Inteh above examples it on one line called "Sensitive Command Information"

and on others there are two seperate rows for this

from canarytokens.

Hi @wilmerism,

Thank you for raising this! We also noticed that this information was missing and fixed it in PR #268. The change from a single row to separate fields is a design choice made as part of a recent upgrade to Canarytokens.

The unpredictable case appears to be a result of 0x20 encoding, and the mangling making it to emails is a genuine bug, thank you for pointing it out. We have fixed it in PR #284.

from canarytokens.

Hi thanks for fix. 95% are now all good. however i still getting a few through missing data. >>

from canarytokens.

This issue is stale because it has been open for 14 days with no activity.

from canarytokens.

still getting, fyi below no host name and no executed in.

Should i be creating new tokens at all ?

from canarytokens.

@wilmerism thanks for the update.

still getting, fyi below no host name and no executed in.

Sorry that you are still running into this.

I removed the stale tag and we will dig some more into this.

from canarytokens.

Hi @wilmerism

still getting, fyi below no host name and no executed in.

Our current suspicion is that the time between when the code was committed to master and when it was deployed on the production server is the culprit that caused your token to misbehave.

Can you please try again.

from canarytokens.

This issue is stale because it has been open for 14 days with no activity.

from canarytokens.

This issue was closed because it has been inactive for 14 days since being marked as stale.

from canarytokens.