Login

is2gu · (This post was last modified: 14-06-2010, 01:24 PM by TCH.)

We just discovered a huge security hole today with visionapp 2010 R2.

We have public credentials that we have restricted access to certain user-defined roles. A user without access can not see these restricted credentials under the credentials folder in visionapp. However, if they right click on a connection and choose "Connect as" they are able to use any public credential.

This needs fixed ASAP!

is2gu · 14-06-2010, 02:42 AM

Have you been able to confirm this bug?

DevOma · 14-06-2010, 07:38 AM

Yes, I can confirm this

is2gu · 14-06-2010, 02:21 PM

Since this completely renders the security useless will you issue a patch immediately to correct this issue?

TCH · 15-06-2010, 09:53 AM

Hi,

Currently we are thinknig about the best way to provide a solution for that.

is2gu · 17-06-2010, 05:42 PM

Any word on when this will be fixed?

TCH · 18-06-2010, 08:50 AM

Hi,

Most likely by end of next week or beginning of the one after.

is2gu · 18-06-2010, 12:43 PM

To be honest; this is a bug of such importance that a notification should be sent out to the user base alerting them of the potential problem. This product is not in beta anymore and should be treated like such.

TCH · 18-06-2010, 03:28 PM

Hi,

I just created both a thread in our knowledge base and one here in the forum.
Please have a look:
http://forum.visionapp.de/showthread.php?tid=4178

Login
Username:
Password:	Lost Password?
	Remember me