Blog - soffid.com
Soffid provides a full Single Sign On experience and full identity governance features, all in an open source, efficient and powerful software product. Security and productivity are now affordable.

Issued on: February 15th
Publicly available on: June 1st
Abstract: A security flaw has been detected in Soffid IAM Console version 1.7.4. A malformed authentication request could lead to arbitrary code execution. Neither credentials nor authorization is required to exploit this vulnerability.
Details: Soffid IAM console lets users authenticate using username...

Date: February 2017
Security risk
The Soffid engineering team has found a severe vulnerability in the Soffid console component. An attacker would be able to execute arbitrary code by injecting a malformed identification token. A Soffid console upgrade has been released to address this security flaw. To protect our...

Soffid ESSO, like any other enterprise single sign-on, needs to store passwords in a way that can be used by applications. This requirement implies that passwords should be stored either in clear text or with a reversible encryption algorithm, making them vulnerable to insider...