Progress patches authentication bug in OpenEdge

By

All supported versions affected.

Progress Software’s OpenEdge authentication gateway and AdminServer need to be patched against a critical authentication bypass bug present in all supported releases of OpenEdge.

Progress patches authentication bug in OpenEdge

According to the company’s advisory, the bug affects OpenEdge Release 11.7.18 and earlier, OpenEdge 12.2.13 and earlier, and OpenEdge 12.8.0.

The bug’s Mitre entry adds: “Certain unexpected content passed into the credentials can lead to unauthorised access without proper authentication.”

Progress said the vulnerability manifests when the OpenEdge authentication gateway (OEAG) is configured with an OpenEdge domain that uses the operating system’s local authentication provider.

Another vulnerable scenario is when the admin server connection is made by OpenEdge Explorer and OpenEdge management, because this process also uses the OS’s local authentication provider.

AdminServer logins are always vulnerable, Progress explained, because they only support OS local logins.

The OEAG, on the other hand, “is only vulnerable when an administrator has configured an OpenEdge domain to use the OS local authentication provider”, the advisory stated.

“The vulnerability incorrectly returns authentication success from an OE local domain if there is a failure to properly handle certain types of usernames and passwords.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Log In

  |  Forgot your password?