Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[BUG] Important Security Bug
#1
Exclamation 
We just discovered a huge security hole today with visionapp 2010 R2.

We have public credentials that we have restricted access to certain user-defined roles. A user without access can not see these restricted credentials under the credentials folder in visionapp. However, if they right click on a connection and choose "Connect as" they are able to use any public credential.

This needs fixed ASAP!
Reply
#2
Have you been able to confirm this bug?
Reply
#3
Yes, I can confirm this
Regards/Gruss
Oliver
Reply
#4
Since this completely renders the security useless will you issue a patch immediately to correct this issue?
Reply
#5
Hi,

Currently we are thinknig about the best way to provide a solution for that.
Grüße/Regards

Thomas
Reply
#6
Any word on when this will be fixed?
Reply
#7
Hi,

Most likely by end of next week or beginning of the one after.
Grüße/Regards

Thomas
Reply
#8
To be honest; this is a bug of such importance that a notification should be sent out to the user base alerting them of the potential problem. This product is not in beta anymore and should be treated like such.
Reply
#9
Hi,

I just created both a thread in our knowledge base and one here in the forum.
Please have a look:
http://forum.visionapp.de/showthread.php?tid=4178
Grüße/Regards

Thomas
Reply




Users browsing this thread: 1 Guest(s)