Canalplan Bug Tracker

Anonymous Login
2017-11-19 03:20 GMT

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0000095Canalplan [All Projects] Generalpublic2017-08-09 15:30
Assigned ToStephen Atty 
PlatformMicrosoftOSWindowsOS Version8.1
Product VersionProduct Build 
Target VersionFixed in Version 
Summary0000095: Key Logging Events
DescriptionI have Trusteer Rapport and last week key-logging events from CP have started to reappear (see attachment). I don't use the keyboard for logging into any site as I use a password manager. CP seems to be the only site that gives this message in Trusteer Rapport. Any ideas?
TagsNo tags attached.
Attached Files




Stephen Atty (administrator)

What do you mean key logging events?

The log you show suggests that something on your PC is trying to grab the keystrokes when you enter things into the password field. The password field on Canalplan has no javascript associated with it.

Does the Rapport system provide any more details - like what applications it thinks you might have on your system? Could it be an interaction with your password manager?

Are you using the Canalplan login screen or are you using one of openid auth methods?


Shultzy (updater)

I'm guided by the info provided by the Rapport system, it doesn't give any more details. The log comes up every Monday and its usually empty. This week it shows only the logins for CP. and no other. I've occasionally had key-logging events flagged from my bank login and Google but not consistently. I use the CP login screen. I've been using the same password manager since 2006 so probably its not that.


Stephen Atty (administrator)

Last edited: 2016-03-14 19:22

View 3 revisions

The problem is that IBM don't provide any sort of support area and their on-line help system doesn't really help.

The only thing remotely relevant is this:

When you enter passwords into websites protected by Trusteer Rapport, your keystrokes are encrypted by Trusteer Rapport thus preventing keyloggers from reading sensitive information. This protection mechanism is automatically activated whenever you access a protected site. If you see keystroke protection events in the Activity Report, this does not necessarily mean you have keyloggers on your PC. However, if any application on your PC should even try to log keystrokes while you were entering information into Trusteer Rapport protected sites, it would have been blocked.

But why does Rapport think canalplan is a protected site?


Shultzy (updater)

That foxed me as well. The password manager uses drag n drop to put user id and passwords into fields so the programme must recognise these as keystrokes. I've told Trusteer Rapport to protect CP for me.


Nick Atty (administrator)

A thought: are those log-on times or times you were using the program. The place entry boxes all use JavaScript to capture the keystrokes so as to run the autocomplete and place-name suggesting feature. Is that what the monitor is picking up?


Shultzy (updater)

The times are login times, and as I only log in once a day there is only one entry.


Stephen Atty (administrator)

Its odd because Rapport isn't indicating what it thinks MIGHT be catching keystrokes - just that something apparently is which makes it just about impossible to diagnose.


Shultzy (updater)

I thought I'd better ask just in case you spotted something out of the ordinary. Its just strange that CP is the only site affected. Thanks for looking.


Stephen Atty (administrator)

The only thing that might be doing it is that the login box is a div which contains an image link from an external site (as its all tied into the external authentication process)


Nick Atty (administrator)

Is this still happening? Should we take any action or close it?


Shultzy (updater)

It happens occasionally, so there is no one thing I can say is different. I always use the same method on logging in to any site and only CP and my bank ever came up. Last week and this weeks report was empty so I would close the issue and I'll reopen if there is any additional info I can add.


Autoclose (administrator)

Closing automatically, stayed too long in feedback state. Feel free to re-open with additional information if you think the issue is not resolved.

-Issue History
Date Modified Username Field Change
2016-03-14 13:15 Shultzy New Issue
2016-03-14 13:15 Shultzy File Added: Keylog.jpg
2016-03-14 18:51 Stephen Atty Note Added: 0000335
2016-03-14 19:00 Shultzy Note Added: 0000336
2016-03-14 19:19 Stephen Atty Note Added: 0000337
2016-03-14 19:20 Stephen Atty Note Edited: 0000337 View Revisions
2016-03-14 19:22 Stephen Atty Note Edited: 0000337 View Revisions
2016-03-14 21:25 Shultzy Note Added: 0000338
2016-03-18 06:38 Nick Atty Note Added: 0000340
2016-03-18 12:36 Shultzy Note Added: 0000342
2016-03-18 17:33 Stephen Atty Note Added: 0000343
2016-03-18 17:37 Shultzy Note Added: 0000344
2016-03-18 17:43 Stephen Atty Note Added: 0000345
2017-07-10 07:57 Nick Atty Note Added: 0001163
2017-07-10 11:47 Shultzy Note Added: 0001168
2017-07-10 15:11 Stephen Atty Assigned To => Stephen Atty
2017-07-10 15:11 Stephen Atty Status new => resolved
2017-07-10 15:11 Stephen Atty Resolution open => fixed
2017-08-09 15:30 Autoclose Note Added: 0001217
2017-08-09 15:30 Autoclose Status resolved => closed
+Issue History