Password Manager Product Notification

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Support Essentials
Awards and Testimonials
License Agreement
Support Guide
Return
Critical Alerts

Password Manager 5.6.2, 5.6.1, 5.5.3

Problem

Testing has revealed that under certain conditions there is a vulnerability identified with the implementation of Q&A authentication pages on the self-service web site.

How does this affect Password Manager?

The vulnerability takes the form of a possible off-site dictionary attack with a risk of exposing the user’s question responses. This impacts all versions of Password Manager 5.5.X as well as 5.6.x.

Resolution

To remediate a Password Manager Hotfix must be applied. Once applied it will ensure that hashed values are not exposed on the Q&A profile pages.

The below lists all currently supported versions of Password Manager along with the appropriate links to the associated knowledgebase articles. These articles will full explain how to download and apply the Hotfix.

5.6.2:

https://support.quest.com/password-manager/kb/200218

5.6.1:

https://support.quest.com/password-manager/kb/199635

5.5.3:

https://support.quest.com/password-manager/kb/200217

Questions or comments

If you have any questions or comments, please log a request using our Manage Service Request tool or see the Contact Support page for other contact methods available.