Important update to NCSM 1.3 for NCSM Failover, AD integration and a CSS Attack vulnerability.
Available here.
—
* Fixes included in this Interim fix:
IZ07806 SECURITY MANAGER FAILOVER PROBLEM
Security Manager Failover has been fixed. Two properties have been added to allow the operator to configure the amount of time it takes for the
backup server to take over the primary role when the original primary has become uncontactable. Both properties can be added to SM_server.props
* Fixes included in this Interim fix from IF0001:
IY95615 SECURITY MANAGER IS VULNERABLE TO CSS ATTACK.
Security Manager is vulnerable to Cross site scripting attacks.
IY97212 ACTIVE DIRECTORY AUTHENTICATION
Security Manager works with Active Directory Authentication if all users as stored in the one directory. If you wish to do a subtree search for users in more that one directory follow the following steps after installing the patch.
IZ02329 NCSM_CRYPT.BAT SCRIPT OF SECURITY MANAGER 1.3 RUNNING ON WINDOWS CANNOT ENCRYPT A PASSWORD THAT CONTAINS SPECIAL
CHARACTERS.
IZ02716 AUDIT LOGGING IN SECURITY MANAGER CAN NOT BE CONTROLLED
Records of login attempts and logouts of users is now recorded in a log file SM_userauditlog.log
IZ04768 WHEN USING AD LDAP AUTHENTICATION USER CAN LOG ON WITHOUT ENTERING PASSWORD
A security issue with LDAP Authentication has been solved.