Potential product vulnerabilities have been identified in the following areas:
• Storage of the Master encryption key
• Storage of administrative service account credentials
Successful exploitation of these vulnerabilities would be dependent on and subject to direct privileged access, and as such represent only one of a number of potential opportunities open to a would-be attacker in such a position.
How does this affect Password Manager?
In an un-patched state Password Manager would remain potentially vulnerable to exploitation from attack internally or via authenticated, secured VPN access.
To resolve the issues impacting Password Manager, as described in this notification, please install the associated security enhancement public hotfix for Password Manager for version 5.6.2, 5.6.3 available here:
Questions or comments