Password Manager 5.6.2, 5.6.1, 5.5.3
Testing has revealed that under certain conditions there is a vulnerability identified with the implementation of Q&A authentication pages on the self-service web site.
How does this affect Password Manager?
The vulnerability takes the form of a possible off-site dictionary attack with a risk of exposing the user’s question responses. This impacts all versions of Password Manager 5.5.X as well as 5.6.x.
To remediate a Password Manager Hotfix must be applied. Once applied it will ensure that hashed values are not exposed on the Q&A profile pages.
The below lists all currently supported versions of Password Manager along with the appropriate links to the associated knowledgebase articles. These articles will full explain how to download and apply the Hotfix.
Questions or comments