Portal Home > Knowledgebase > Articles Database > Kayako - Security Update
Kayako - Security Update
Posted by Steven, 11-11-2013, 10:56 AM |
Kayako released an update for an unspecified security update today.
http://wiki.kayako.com/display/DOCS/4.63
|
Posted by Jamie Edwards, 11-15-2013, 12:43 PM |
Steven
Thanks for posting this. Actually, we (@Kayako) should have given this a description in the changelog but we forgot. We fully disclose for non-critical security updates which we ship as part of the usual release schedule.
This fix is for a username enumeration vulnerability. Or in simple terms, login error messages can be used to confirm the existence of a username.
Certainly an important security feature for the security hypersensitive (and yes, we pay attention to every security detail!), but not a critical issue in itself. Thank you for sharing this nonetheless.
|
Posted by Genius Guard, 11-15-2013, 12:46 PM |
Thank you for posting.
|
Posted by Steven, 11-15-2013, 01:07 PM |
Thanks for the update Jamie!
It was difficult to ascertain how critical the update was with the information that was presented at the time of posting
|
Add to Favourites Print this Article
Also Read