Terminalfour: 8.2.18.2.3
- Date Released:
- April 18 2023
General
This update resolves an authentication vulnerability (CVE-2023-29484) where, given specific conditions, an LDAP user with an incorrectly configured LDAP identifier could log into the Terminalfour platform using an invalid password.
By default, an imported LDAP user would have the correct LDAP identifier set. To exploit this vulnerability the LDAP identifier of an importer user would need to have been manually altered to an incorrect value.
With this release, a user with an incorrectly set LDAP identifier is no longer able to log into the Terminalfour platform with an incorrect password.
Changes
Issue Type | Component | Summary | Priority | Key |
---|---|---|---|---|
Bug | Authentication | Authentication issue: LDAP users with incorrectly configured identifiers can login with incorrect passwords | P1 | RDSM-36840 |
Before upgrading
In advance of the upgrade please view the information and Technical Roadmap. Please contact us prior to upgrading we can provide you with the pre and post-upgrade tasks.
Priority
Please note that the priorities assigned to bugs differ from those assigned to Client Support tickets:
- P1 - Major rework of product.
- P2 - Major performance change.
- P3 - Regular priority change.
- P4 - Minor change.
- Trivial - Very minor UI changes.