Please download the hotfix, TPAM Hotfix 10336 for KB 263370, attached to this KB.
The following is a list of issues resolved in this hotfix.
Issues resolved in hotfix 10336:
|Resolved Issue||Issue ID|
Password is being sent in clear text in the URL when creating a UserID.
When creating Admin UserIDs, the CSRF token sent to the server is not verified, which allows a CSRF attack regardless of token usage.
Applicability of this hotfix
Products affected by this hotfix:
To install the hotfix
1. Take a backup of the TPAM appliance.
2. Copy the supplied .zip file to your local computer.
3. Log in to the TPAM /admin interface.
4. Select Maint | Apply a Patch from the menu.
5. Click the Select File button.
6. Click the Browse button. Select the patch file that you saved locally.
7. Click the Upload button.
8. Type xmkqLeCK4Q in the Key box.
9. Type /genkey in the Options box.
10. By default, if you are applying a patch to a primary member of a cluster, the replicas in the cluster will be listed and highlighted in the Target Replicas list. If a replica is deselected, the patch will not be applied to it. The replica can be patched at a later date by logging on directly to the /admin interface of the replica. If the software version numbers (excluding the build number) of the primary and the replica still match, then the primary will still be able to send data to the replica. We recommend that you contact Technical Support before deciding to deselect any of the replicas on this list.
11. Click the Apply Patch button.
12. A reboot is recommended after successfully applying this patch to an appliance.
Removing this hotfix
To remove this hotfix:
1. To remove this hotfix, the TPAM appliance can be reverted to a snapshot through the Kiosk, and a backup of the most recent data can then be restored.