One Identity are aware of a security issue related to some account passwords being visible in the Console component’s log files. This is identified by CVE-2024-49591 How does this affect me? If an administrator configured SQL Server through the Console, sensitive information (such as SQL Server Service Account credentials) supplied during configuration may be stored insecurely. Resolution Versions 4.5.3, 4.6.1 or 4.7.1 should be used for new deployments as they close this vulnerability. The fix will be included in future releases. Vulnerable versions will no longer be available for download. To mitigate this issue on existing servers, administrators can manually remediate this issue. Please see KB 4377312 for additional details. We apologize for the inconvenience this issue may have caused. We are working quickly to correct it. |
|
|
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center