User login failure with correct password (web UI)

Michael Tibbs

Oct 16, 2025, 4:55:03 PM
to Wazuh | Mailing List
Wazzup Wazuhs!
Running Wazuh 4.12 (all modules) on Ubuntu 24.04 VM with 32 GB RAM (Hyper-V host).

Although I can log in with the admin account, new users I create can't.
I created a new user using the Wazuh UI (under Server Management - Security) and added the administrator role.

Error:
Invalid username or password. Please try again.

The only special character in the password is a hyphen - and it's 12 characters long.
Tried other passwords and deleting and creating different usernames.
Tried different browsers and incognito mode (Chrome and Edge).

In browser developer mode, there is some information. (see screen shot)

Any advice on how to find the root cause of this?

Thanks,
-M

2025-10-16_16-13-29.png

Lucas Alberto Fiesta

Oct 17, 2025, 3:26:35 AM
to Michael Tibbs, Wazuh | Mailing List
Hi, I hope you're well.

Thanks for sharing the screenshot! The 401 Unauthorized means the Wazuh Dashboard is reaching the API, but the API is rejecting the credentials.
To confirm what’s happening on the backend, could you please share:
• /var/ossec/logs/ossec.log
• /var/ossec/logs/api.log


Looks similar to what you're describing. 

Let me know if this helps.
Kind regards,

lucas....@wazuh.com

Oct 17, 2025, 3:26:35 AM
to Wazuh | Mailing List
Hi, I hope you're well.

Thanks for sharing the screenshot! The 401 Unauthorized means the Wazuh Dashboard is reaching the API, but the API is rejecting the credentials.
To confirm what’s happening on the backend, could you please share:
/var/ossec/logs/ossec.log
/var/ossec/logs/api.log

That will give us some more details. 


Kind regards,

lucas....@wazuh.com

Oct 17, 2025, 1:40:17 PM
to Wazuh | Mailing List
Thanks for the logs! A couple of checks that could get us closer to identifying the issue:

Try the API directly with the new user (bypasses the Dashboard)
On the Wazuh server, please run:

curl -sk -u '<NEW_USER>':'<NEW_PASSWORD>' \
  'https://localhost:55000/security/user/authenticate?pretty'

If you get a 200 with a token, the user/credentials are valid in the API and the issue should be on the Dashboard side.
If you get a 401, the issue is with the user at the API level (password/activation).

Make sure the Dashboard is pointing to the API you are testing.

Check for this config file: /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml

The hosts section must define one or more data sources identified by name (e.g., wazuh-test, wazuh-prod). If the data source isn’t identified properly, the login flow may end up with an empty dataSourceId.

Have a look here: https://documentation.wazuh.com/current/user-manual/wazuh-dashboard/settings.html#hosts


Let me know if this helps.

Kind regards,
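
The two checks from the reply above, as an added example that is not part of the thread or of Wazuh's own tooling: one function reduces the authenticate request to its HTTP status, the other lists the named entries under hosts: in wazuh.yml and flags incomplete ones. The function names, the WAZUH_PASS variable and the sample config are assumptions made for illustration; the entry names are the ones the reply uses as examples.

```sh
# Added example (not from the thread). Map the authenticate call's HTTP status
# to the outcomes described in the reply.
classify_status() {
  case "$1" in
    200) echo "api-ok: credentials valid in the API, check the Dashboard side" ;;
    401) echo "api-reject: user rejected at the API level (password/activation)" ;;
    000) echo "unreachable: no HTTP response from the API" ;;
    *)   echo "unexpected: HTTP $1" ;;
  esac
}

# Same request as the reply's curl command, reduced to its status code.
# Usage (assumed helper): WAZUH_PASS='...' check_api_login <user> [base_url]
check_api_login() {
  classify_status "$(curl -sk -o /dev/null -w '%{http_code}' \
    -u "$1:$WAZUH_PASS" "${2:-https://localhost:55000}/security/user/authenticate")"
}

# List each named entry under hosts: and flag any of url/port/username/password
# that is absent or empty. Usage: check_hosts <wazuh.yml>  (stdin if no path)
check_hosts() {
  awk '
    function flush(   k, miss) {
      if (id == "") return
      for (k = 1; k <= n; k++) if (!(req[k] in seen)) miss = miss " " req[k]
      print id ": " (miss == "" ? "ok" : "missing" miss)
      split("", seen); id = ""; count++
    }
    BEGIN { n = split("url port username password", req, " ") }
    /^[^ #-]/ { flush(); inhosts = ($0 ~ /^hosts:/); next }   # top-level key
    !inhosts || /^ *#/ { next }
    /^ *- *[^ :]+: *$/ { flush(); id = $0; sub(/^ *- */, "", id); sub(/: *$/, "", id); next }
    { key = $1; sub(/:.*/, "", key); if ($2 != "") seen[key] = 1 }
    END { flush(); if (!count) print "no named host entries under hosts:" }
  ' "$@"
}

# Constructed sample config: the second entry has only an empty password key.
sample_wazuh_yml() {
  cat <<'EOF'
hosts:
  - wazuh-test:
      url: https://localhost
      port: 55000
      username: wazuh-wui
      password: example-only
  - wazuh-prod:
      password:
EOF
}
```

On the server, source the file, then run `check_hosts /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml` and `WAZUH_PASS='<NEW_PASSWORD>' check_api_login '<NEW_USER>'`.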
