
Release Notes

Correction of vulnerabilities

General vulnerabilities

The following vulnerabilities have been fixed:

XSS, on the system view screens when saved searches were used.

Formula injection, in the generic spreadsheet import in the components.

SSRF (server-side request forgery), in the consumption of REST data sources.

Account enumeration, in the password exchange feature.

 

Multifactor Authentication - MFA

In this version of the system, our security efforts focused on adding multifactor authentication, which helps ensure the identity of the user accessing the application.

 

Multifactor authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to access a feature or application, decreasing the probability of a successful cyber attack.

This initial implementation is based on two-step authentication: a validation code is sent to the user's registered e-mail address or, if none has been filled out, to the e-mail address the user enters.

 

This feature can be enabled in Authentication (CM008) > Security > Enable multi-factor authentication.

For this feature to function, the default e-mail server record of the system (CM010) must be configured and working correctly.

 

When MFA is enabled, the two-step authentication flow is activated and users are asked to enter the verification code that was sent to them.

This code is valid for 5 minutes, and its expiration date is displayed when it is sent.

 

MFA will be available for the following login types:

Internal (including external user);

LDAP;

NTLMv2.

 

The flow steps are:

1. User and password validation;

2. Sending the validation code;

3. Code validation;

4. Access permission.

 

If the user does not have a registered e-mail address, a message will be displayed requesting the user to enter one to receive the validation code.

 

After the user goes through the flow steps, successfully validating the password and verification code, they will be allowed to enter the system.
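
Steps 2 and 3 of the flow above, as an added example that is not SoftExpert's code: a code is issued after the password check and accepted once within the 5-minute window. The class name, the 6-digit length, the attempt limit and the keyed-digest storage are assumptions; only the 5-minute validity comes from these notes.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 5 * 60  # from the notes: the code is valid for 5 minutes
MAX_ATTEMPTS = 5           # assumption: the notes state no attempt limit


class EmailCodeChallenge:
    """Flow steps 2 and 3: issue a code after the password check, validate it once."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)  # server-side key for stored digests
        self._pending = {}  # user -> [digest, expires_at, attempts_left]

    def _digest(self, user, code):
        # Keyed and bound to the user, so the store never holds the plaintext code.
        return hmac.new(self._key, f"{user}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, user):
        """Return (code, expires_at) for the mailer; a new code replaces any old one."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, 6 digits (assumed length)
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[user] = [self._digest(user, code), expires_at, MAX_ATTEMPTS]
        return code, expires_at

    def verify(self, user, submitted):
        """Return 'ok', 'invalid', 'expired' or 'locked' for the caller to log."""
        entry = self._pending.get(user)
        if entry is None:
            return "invalid"
        digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at:
            del self._pending[user]
            return "expired"
        if attempts_left <= 0:
            return "locked"  # stays locked until the code expires or is reissued
        entry[2] -= 1
        # Constant-time comparison: timing does not reveal how close a guess was.
        if hmac.compare_digest(digest, self._digest(user, submitted)):
            del self._pending[user]  # single use: replaying the code fails
            return "ok"
        return "invalid"
```

Access (step 4) should be granted only on `"ok"`; the other three results are the cases worth recording alongside the login attempt.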

 

The entire two-step authentication process is recorded and can be viewed in SoftExpert Configuration, in the Monitoring > Session history (CM001) menu.

 


 

Login unification - External user

The option to unify the login screen has been made available, allowing external users to use the main login screen to access the system.

To do that, in SoftExpert Configuration, in the Authentication (CM008) > External user access menu, enable the "Enable single sign-on for external users" option.

 

Once this option is enabled, external users are no longer limited to the access URL available at "/external-login".

 


 

Task count

This version has some performance improvements in the counting of some tasks.

There is also a new control that temporarily stops counting tasks for which counting is too costly, so that the overall performance of the system is not affected.

 

PHP 8.0

The system PHP version has been updated to 8.0.

 
