  1. #1
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294

    Kayako - Security Update

    Kayako released an update for an unspecified security update today.

    http://wiki.kayako.com/display/DOCS/4.63

    SWIFT-3857 - Security Issue
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  2. #2
    Join Date
    Apr 2004
    Location
    UK
    Posts
    1,331
    Steven

    Thanks for posting this. Actually, we (@Kayako) should have given this a description in the changelog but we forgot. We fully disclose for non-critical security updates which we ship as part of the usual release schedule.

    This fix is for a username enumeration vulnerability. Or in simple terms, login error messages can be used to confirm the existence of a username.

    Certainly an important security feature for the security hypersensitive (and yes, we pay attention to every security detail!), but not a critical issue in itself. Thank you for sharing this nonetheless.
    @jmedwards
    - find me on Twitter!
    Kayako help desk software - we help our customers help their customers
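
The username enumeration issue described in the post above, as an added example that is not part of the thread and is not Kayako's code: a login handler whose error text reveals whether an account exists, next to a version that returns one message for every failure. The user store, function names and messages are constructed for illustration; the dummy-hash step that keeps the work equal for unknown usernames goes beyond the error-message case discussed in the thread.

```python
import hashlib
import hmac
import os

# Constructed sample user store (not Kayako data): username -> (salt, PBKDF2 hash).
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _make_user(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

USERS = {"alice": _make_user("correct horse")}

# Verified against when the username is unknown, so both paths cost one PBKDF2 run.
_DUMMY_SALT, _DUMMY_HASH = _make_user(os.urandom(16).hex())

GENERIC_ERROR = "Invalid username or password."

def login_enumerable(username: str, password: str) -> str:
    """The flaw: the error text differs depending on whether the account exists."""
    record = USERS.get(username)
    if record is None:
        return "Unknown username."
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "Incorrect password."
    return "OK"

def login_uniform(username: str, password: str) -> str:
    """Hardened: one message for every failure, same hashing work either way."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if username in USERS and matches:
        return "OK"
    return GENERIC_ERROR

def leaks_existence(login) -> bool:
    """Regression check: do a real and a made-up username get different failures?"""
    return login("alice", "wrong") != login("no-such-user", "wrong")

if __name__ == "__main__":
    print("enumerable handler leaks:", leaks_existence(login_enumerable))
    print("uniform handler leaks:   ", leaks_existence(login_uniform))
```

The same uniform response belongs on password-reset and registration forms, which can confirm usernames in the same way.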

  3. #3
    Join Date
    Jul 2013
    Posts
    296
    Thank you for posting.

  4. #4
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Quote: Originally posted by Jamie Edwards
    Steven

    Thanks for posting this. Actually, we (@Kayako) should have given this a description in the changelog but we forgot. We fully disclose for non-critical security updates which we ship as part of the usual release schedule.

    This fix is for a username enumeration vulnerability. Or in simple terms, login error messages can be used to confirm the existence of a username.

    Certainly an important security feature for the security hypersensitive (and yes, we pay attention to every security detail!), but not a critical issue in itself. Thank you for sharing this nonetheless.
    Thanks for the update Jamie!
    It was difficult to ascertain how critical the update was with the information that was presented at the time of posting.
