Tuesday, March 10, 2015

DM-32057

Finally! Earlier today OpenText sent a security alert to its customers:

A security vulnerability has been discovered in OpenText Document Management, eDOCS Edition (eDOCS DM) that could allow an attacker to compromise the authentication mechanisms in eDOCS. This vulnerability is rated as HIGH.

"To compromise" is a bold declaration, considering the way "the authentication mechanism" is implemented in eDOCS DM!

Of the two solutions that the bulletin suggests, only one directly relates to the issue and is applicable.

The other "solution" consists of two parts: one doesn't fully close the vulnerability, and the other has nothing to do with it. How the SQL Passthrough feature might have got into the bulletin is a different story, which I shall tell you one day. Overall, it looks like OpenText security specialists do not know their own product well enough...
