Tableau Security Notification: Protect Your Information
You may be identified as a security point of contact or site administrator for your company’s Tableau portal account. If this is the case, please see this article for information on how to set a security point of contact if your portal account does not have one set already.
At XeoMatrix, we understand that the confidentiality, integrity, and availability of your data are vital to your business, and we take the protection of your data very seriously. We value transparency and want to notify you of an issue affecting certain Tableau Bridge Client versions.
What is the Issue
On September 16, 2022, Salesforce Security discovered that, due to a coding error, machines installed with Tableau Bridge Client versions 20222.22.0524.2122 and 20222.22.0804.0326 are logging database secrets (including usernames, passwords, and OAuth tokens) in Base64 format when processing extract refresh requests for Published Data Sources triggered by Online schedules (found here).
On September 16, 2022, Tableau fixed the coding error that was causing your database secrets to be inadvertently logged.
Actions to Take
Please download and install the latest version of Bridge Client, 20222.22.0916.1526, by following this link. To eliminate the potential for unauthorized access to your database, rotate any credentials affected by the scenarios mentioned above.
In alignment with security best practices, please take the following steps to ensure that access to your logging directory is limited to authorized personnel.
Check Access To Your Tableau Bridge Client Logging
Consult your security team to ensure that only authorized personnel have access to your Tableau Bridge Client logging directory.
- Open Windows Explorer.
- Open the C: drive to access the directories.
- Hover the mouse over the “Logs” directory, then right-click and select “Properties.”
- Select the “Security” tab.
- In the pop-up dialogue, under “Group or user names”, you will be able to see the list of users who have read and write access to the directory.
Purge Logs Containing Database Secrets
We also suggest you purge the logs containing your database secrets by following these steps.
- Stop any running Bridge Client application of an impacted version by right-clicking the ‘+’ icon in the system tray and selecting “Exit”.
- Remove all files from the Bridge Client log directory, which is typically located in “C:\Users\\Documents\My Tableau Bridge Repository\Logs”, and clear the Trash can.
While we understand that customers retain their logs for a variety of reasons, we strongly suggest that you purge the logs containing sensitive data. If you choose not to purge these logs, please ensure that you have limited access to your logging directory to authorized personnel by taking the steps outlined above.
Tableau is Taking Action
Tableau is taking steps to make sure this doesn’t happen again. In addition to fixing the coding error that caused this issue in the newest release of Bridge Client, they have updated their automated tests and scans so that they can identify and redact sensitive data being logged in Base64 format before every release.
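The same idea, finding Base64 runs that decode to credential material and redacting them, can be applied by a defender to retained logs to decide which files need purging. This is an added example, not Tableau's or XeoMatrix's code. The log line layout, keyword list, 16-character threshold, and redaction marker are assumptions, and the sample lines are constructed.

```python
import base64
import binascii
import re

# Runs of Base64 alphabet; the 16-character minimum is an assumed threshold.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Assumed keyword list marking decoded text as credential material.
SECRET_HINTS = ("password", "username", "oauth", "token", "secret")

# Constructed sample lines; the real Bridge log layout is not shown on the page.
SAMPLE_BLOB = base64.b64encode(b'{"username":"svc_bi","password":"example-only"}').decode()
SAMPLE = [
    "2022-09-01 10:00:01 refresh started for datasource Sales",
    "2022-09-01 10:00:02 connection attributes " + SAMPLE_BLOB,
    "2022-09-01 10:00:03 checksum 0123456789abcdef0123456789abcdef",
]


def decode_text(run):
    """Return the text a Base64 run decodes to, or None if it is not printable text."""
    body = run.rstrip("=")
    body += "=" * (-len(body) % 4)  # restore padding; impossible lengths fail below
    try:
        text = base64.b64decode(body, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def scan_line(line):
    """Return (redacted_line, hints); decoded secrets are never returned or printed."""
    hints = []

    def replace(match):
        text = decode_text(match.group(0))
        found = [h for h in SECRET_HINTS if text and h in text.lower()]
        hints.extend(found)
        return "[REDACTED-BASE64]" if found else match.group(0)

    return B64_RUN.sub(replace, line), hints


def scan_log(lines):
    """Return (1-based numbers of lines that held encoded secrets, redacted lines)."""
    results = [scan_line(line) for line in lines]
    flagged = [n for n, (_, hints) in enumerate(results, start=1) if hints]
    return flagged, [clean for clean, _ in results]
```

Any file with a flagged line should be treated as containing credentials: purge it and rotate the affected secrets, rather than relying on the redacted copy.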
XeoMatrix is Here to Help
If you have been affected by this issue, please take action today. If you have questions or concerns on the steps you need to take to keep your data safe, XeoMatrix can help. Contact us today with any questions you may have.