Finding: We identified that the APM application allows unauthorized users to gain access via non-expired cookies of a logged-out session. The application does not revoke the cookies when the user logs out, which means that an attacker can use the cookies…
- We request that the WebAuth logs include a unique oauth session identifier and include the uid and the event to be able to trace the user
  ○ In 6.4.1 an auth tracking identifier is included that allows the oAuth session to be identified at all times…
Some customers keep getting the emails from aaf that give an indication that there is a replication error:
Report from CA/m-CA (MASTER). Please check. The server has warning(s)
FL | REGISTRATOR | am01.russellinc.net | 2020-03-19 10:04 | The server…
Client sessions to the Advanced Authentication’s OSP feature that facilitates NAM’s “Generic” aka OAuth method of integration lack resiliency across cluster members.
In our case, and likely many other customers, we have two AA Webservers front-ended…
An application-level timeout setting would be useful to control how long the mobile app shows the one-time password. The existing control follows the system setting, which asks for authentication (PIN or biometric) after the smartphone is locked.
A…