Bug in password length with Envisalink 2 and Vera Secure

Not sure when this happened because my alarm plugin had not been working for a while and I finally got around to troubleshooting it. Very strange but very reproducible error.

Plugin version: 0.40, latest as of this writing
Vera is a VeraSecure running version 1.7.3233, latest as of this writing
Envisalink 2DS running firmware 01.12.180

The symptom is I am limited to 6 character passwords for the plugin to work with the Envisalink. If I use a 7 or more character password, it works fine with the Envisalink web app but the Vera will report a bad password.

The weird way I discovered this was the URL for changing the password on the Envisalink itself “leaks” the first 6 characters of the password. If I use the Envisalink web interface to change the password to “user1234”, the URL after I click submit would have “user12” in the URL. Experimented with several different passwords and 6 or less characters works great, 7 or more always fails with the plugin.

Any ideas? I’m almost willing to fork out another $130 for an envisalink 4 if I can use a non-trivial password locally.

David

This has been an ongoing problem for a long time.

Easy fix would be to use a 6 character or less password.
Will this not work for you?

It will work, but a 6 character password is trivial to brute force crack these days. It would take a dedicated attacker just hours with no special equipment.

I’ll live with 6 characters for now and examine my options.

David

The core issue is the origins of the API (TPI):
The API on the EVL2 and Envisalink 3 only supports 6 ASCII digits for a password, but the Envisalink 4 supports 10.
The developer (Guest) was working with a series of users and at that point there was only EVL2 and Envisalink 3. Even at that point, there were discrepancies between the web user interface and TPI but as raised on the Eyes-On forum and support

If you read the current TPI
Network Login
The command is sent by the client after it has created a TCP connection to the TPI to open a session. The TPI will respond with command 505 if the login was successful. The password is the same as the local Envisalink password for the web page.
Command: 005
Number of Data Bytes: 1-6
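
The following Python example is added here and is not from the thread or from the plugin. It builds the TPI 005 login frame and rejects a password longer than the per-model limits quoted above, so the mismatch shows up as a clear local error instead of a "bad password" from the device. The checksum framing (two hex characters, then CR LF) follows the published TPI format and is not described in this thread; the function and table names are hypothetical.

```python
# Added example: client-side check for the Envisalink TPI login (command 005).
# Limits per model are the ones stated in the thread; names are hypothetical.
TPI_PASSWORD_LIMITS = {"EVL2": 6, "EVL3": 6, "EVL4": 10}


class PasswordTooLong(ValueError):
    """Password does not fit the TPI login data field for this model."""


def tpi_checksum(payload: bytes) -> bytes:
    # Sum of the ASCII bytes of command + data, truncated to 8 bits,
    # sent as two uppercase hex characters (assumption: published TPI framing).
    return b"%02X" % (sum(payload) & 0xFF)


def build_login_frame(password: str, model: str = "EVL2") -> bytes:
    """Return the 005 login frame, or raise if the password cannot be sent."""
    limit = TPI_PASSWORD_LIMITS[model]
    try:
        data = password.encode("ascii")
    except UnicodeEncodeError as exc:
        raise ValueError("TPI password must be ASCII") from exc
    if not 1 <= len(data) <= limit:
        # The web UI may accept this password, but the TPI field cannot carry it.
        raise PasswordTooLong(
            f"{model} TPI login carries 1-{limit} bytes, got {len(data)}"
        )
    payload = b"005" + data
    return payload + tpi_checksum(payload) + b"\r\n"


def parse_frame(frame: bytes) -> tuple[str, str]:
    """Verify the checksum of a received frame; return (command, data)."""
    body = frame.rstrip(b"\r\n")
    payload, received = body[:-2], body[-2:]
    if len(payload) < 3 or tpi_checksum(payload) != received.upper():
        raise ValueError("malformed TPI frame or checksum mismatch")
    return payload[:3].decode("ascii"), payload[3:].decode("ascii")


if __name__ == "__main__":
    print(build_login_frame("user12", "EVL2"))    # fits the 6-byte field
    print(parse_frame(b"5051CB\r\n"))             # constructed 505 reply
    try:
        build_login_frame("user1234", "EVL2")     # 8 bytes: rejected locally
    except PasswordTooLong as err:
        print("refused:", err)
```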

Wow, I did not know it was this easy nowadays.

Would it be an easier fix to add a time delay on an incorrect password or increase the character length?

To be honest, isn’t Z-Wave an easier crack than getting into someone’s network to do a brute force attack into someone’s alarm system?