Hello
In testing this vulnerability we have identified a second instance in this log that leaves users vulnerable to identity theft. We will be correcting this issue as well as the issue. Again this second vulnerability affects all our prior versions.
We will be updating this forum post again when the fix is ready to be deployed.
We have fully addressed the security concerns of this issue in all our supported versions. Versions 4.5 and 5.0 each have this security concern patched. This will also be included in our upcoming release of 5.1. If you would like to have this Patched in your system please create a support ticket and we will co-ordinate with you from there.
Phillip Ma
Dear valued Sippy Customer,
We have found a security vulnerability in our httpd-access.log (as of December 18th, 2017). We currently have a fix in testing and are verifying the solution across a number of different scenarios where passwords are created or modified. This vulnerability affects all our prior versions including 4.5 and 5.0.
We will be updating this forum post once a fix is ready for deployment.
Sincerely,
Phillip Ma
Product Manager
Sippy Software
1 person likes this