Hello! Do not tell us about the vulnerability of DSECRG-11-008 (www.securityfocus.com/.../515966). Was Authentication bypass vulnerability? If you have fixed in which version of the software
This is really an interesting question.
I investigated this issue in 2011 and I was able to reproduce it for version 10.2A for Windows by steps from this arcticle. But for 10.2B and higher this did not work. Therefore, I believe this is already fixed.
In addition, since then much has changed regarding security in OpenEdge beginning with the improvements for using CLIENT-PRINCIPAL, Spring Security and ending with the OpenEdge Autentification Gateway in 11.7
But I would also be interested in hearing the official opinion.
Russian Progress User Group