Knowledge Base

Terminalfour: 8.3.11.2

Date Released:
April 18 2023

General

This update resolves an authentication vulnerability (CVE-2023-29484) where, given specific conditions, an LDAP user with an incorrectly configured LDAP identifier could log into the Terminalfour platform using an invalid password.

By default, an imported LDAP user would have the correct LDAP identifier set. To exploit this vulnerability the LDAP identifier of an importer user would need to have been manually altered to an incorrect value.

With this release, a user with an incorrectly set LDAP identifier is no longer able to log into the Terminalfour platform with an incorrect password.

Changes

Issue Type Component Summary Priority Key
Bug Authentication Authentication issue: LDAP users with incorrectly configured identifiers can login with incorrect passwords P1 RDSM-36840

Before upgrading

In advance of the upgrade please view the information and Technical Roadmap. Please contact us prior to upgrading we can provide you with the pre and post-upgrade tasks.

Priority

Please note that the priorities assigned to bugs differ from those assigned to Client Support tickets:

  • P1 - Major rework of product.
  • P2 - Major performance change. 
  • P3 - Regular priority change. 
  • P4 - Minor change. 
  • Trivial - Very minor UI changes.