vulnerability DSECRG-11-008 - Forum - OpenEdge RDBMS - Progress Community

This question is not answered

Hello! Do not tell us about the vulnerability of DSECRG-11-008 (www.securityfocus.com/.../515966). Was it an authentication bypass vulnerability? If you have fixed it, in which version of the software?

All Replies
  • This is really an interesting question.

    I investigated this issue in 2011 and I was able to reproduce it for version 10.2A for Windows by following the steps from this article. But for 10.2B and higher this did not work. Therefore, I believe this is already fixed.

    In addition, since then much has changed regarding security in OpenEdge, beginning with the improvements for using CLIENT-PRINCIPAL, Spring Security and ending with the OpenEdge Authentication Gateway in 11.7.

    But I would also be interested in hearing the official opinion.

    Regards,

    Valeriy