A security vulnerability was discovered in one of the authentication components that may be used to access Identity Manager called “Redistributable STS” (RST). This could allow an attacker to gain unauthorized access to the system.
How does this affect me?
If you have installed and configured the RSTS component with the help of One Identity Professional Services in order to perform primary authentication against an identity provider STS such as Microsoft ADFS, Microsoft Azure AD, Okta, or Ping Federate, you may be affected by this security vulnerability. This issue does not impact the documented use of the RSTS component for two-factor authentication using WebAuthn security keys as documented in the One Identity Manager Web Application Configuration Guide.
Resolution
A security fix has been released for Identity Manager 8.1.x and 8.2.x versions.
Status
Please review the following knowledge article 337976 for further details on this issue. The updated versions of this fix will also be included in the upcoming releases and service packs beginning with v8.1.6 and v8.2.1.
We apologize for the inconvenience this issue may have caused.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center
