Knowledgebase

Portal Home > Knowledgebase > Articles Database > Kayako - Security Update

Kayako - Security Update

Posted by Steven, 11-11-2013, 10:56 AM

Kayako released an update for an unspecified security update today. http://wiki.kayako.com/display/DOCS/4.63

---

Posted by Jamie Edwards, 11-15-2013, 12:43 PM

Steven Thanks for posting this. Actually, we (@Kayako) should have given this a description in the changelog but we forgot. We fully disclose for non-critical security updates which we ship as part of the usual release schedule. This fix is for a username enumeration vulnerability. Or in simple terms, login error messages can be used to confirm the existence of a username. Certainly an important security feature for the security hypersensitive (and yes, we pay attention to every security detail!), but not a critical issue in itself. Thank you for sharing this nonetheless.

---

Posted by Genius Guard, 11-15-2013, 12:46 PM

Thank you for posting.

---

Posted by Steven, 11-15-2013, 01:07 PM

Thanks for the update Jamie! It was difficult to ascertain how critical the update was with the information that was presented at the time of posting

---

Add to Favourites    Print this Article

"make" command not work ? (Views: 685)

Slow email delivery with new shared hosting provider - where is the delay? (Views: 679)

Interserver Issues? (Views: 728)

Linode Outage 2009-10-27 (Views: 680)

20 GB Space, 200 GB banwidth .. Linux (Views: 614)