PT-2020-16042 · Hyland · Hyland Onbase

Published: 2020-09-11 · Updated: 2022-06-30 · CVE-2020-25256

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Hyland OnBase versions 16.0.2.83 and below
Hyland OnBase versions 17.0.2.109 and below
Hyland OnBase versions 18.0.0.37 and below
Hyland OnBase versions 19.8.16.1000 and below
Hyland OnBase versions 20.3.10.1000 and below

Description

An issue was discovered where PKI certificates have a private key that is the same across different customers' installations.

Recommendations

For Hyland OnBase versions 16.0.2.83 and below, consider regenerating PKI certificates with unique private keys.
For Hyland OnBase versions 17.0.2.109 and below, consider regenerating PKI certificates with unique private keys.
For Hyland OnBase versions 18.0.0.37 and below, consider regenerating PKI certificates with unique private keys.
For Hyland OnBase versions 19.8.16.1000 and below, consider regenerating PKI certificates with unique private keys.
For Hyland OnBase versions 20.3.10.1000 and below, consider regenerating PKI certificates with unique private keys.

As a temporary workaround, consider restricting access to sensitive data until unique private keys can be generated for PKI certificates.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-25256

Affected Products

Hyland Onbase