Thycotic Secret Server 10.8
Anfang Juni 2020 ist ein Security Fix für Secret Server erschienen – Erfahren Sie hier, was Sie über Secret Server Release 10.8 von Thycotic wissen müssen.
10.8.000004 Release Notes (Englisch)
Note: The system requirements last changed with version 10.7.000000.
Upgrade Notes
- Thycotic encourages all customers to upgrade at the earliest opportunity.
- Security advisories are under review and will be published at the end of that review process. The link to that advisory will appear here.
- Thycotic thanks Jay Huang from Insomnia Security for identifying the security issues leading to this release.
Security
High Priority Security Fix
Addressed incorrect user permissions validation.
- Common Vulnerability Scoring System (CVSS) v3.1 score: 8.8 (High).
- CVSS v3.1 Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Additional Security Fixes
- Added Custom “URL Security Check” to the Secret Server Security Hardening report. Thycotic recommends configuring the Custom URL.
- Added host and port validation when using a proxied secret.
- Remediated potential cross-site scripting vulnerability.
- Modified user access controls to limit low-privilege application user access to administrative features.
- Implemented SHA-512 hashes for the launcher, replacing an older hash algorithm.
- Removed disclosure of internal IP addresses during authentication process of proxied connections.
- Modified when cookies are set during authentication.
Schnell gefunden
→ Diese Release Notes und frühere Versionen finden Sie bei uns schnell und einfach:
Schnell gefunden/Delinea
Thycotic ist spezialisiert auf Passwort Management und Endpoint Security-Lösungen.
FYRE Consulting ist offizieller autorisierter Partner von Thycotic.