{"id":898,"date":"2022-01-11T11:42:09","date_gmt":"2022-01-11T11:42:09","guid":{"rendered":"https:\/\/int64software.com\/blog\/?p=898"},"modified":"2022-01-11T11:42:10","modified_gmt":"2022-01-11T11:42:10","slug":"overlaps-security-update-3-1-2","status":"publish","type":"post","link":"https:\/\/int64software.com\/blog\/2022\/01\/11\/overlaps-security-update-3-1-2\/","title":{"rendered":"OVERLAPS Security Update 3.1.2"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">We have just released a minor security update for OVERLAPS, which we recommend all clients currently on version 3.1 or higher install. Full details and the mitigation steps can be found below.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"the-issue\">The Issue<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The issue relates to the LDAPS (LDAP-over-SSL) support introduced in update 3.1.0.0: under certain non-default configurations, the initial connection phase may occasionally fail over to a regular LDAP connection.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It is important to note that this fallback does not occur while data is actually being transferred between OVERLAPS and Active Directory.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"effected-version\">Affected Versions<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The following versions of OVERLAPS have been identified as at risk:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>3.1.0.0<\/li><li>3.1.1.0<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"should-i-be-concerned\">Should I be Concerned?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">We take all security issues with the utmost seriousness. However, this particular issue shouldn&#8217;t raise any significant concerns because:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>By design, it could only happen during the connection phase, not while sensitive data such as Local Administrator passwords is being transferred.<\/li><li>Even over a regular LDAP connection, Active Directory encrypts internal domain connections with Kerberos.<\/li><li>It only affects configurations where the Directory Connection Priority setting has been changed from its default of &#8220;Directory Searcher&#8221; to &#8220;LDAP&#8221;, or where &#8220;LDAP&#8221; has been selected as the Backup Failover Connection, neither of which is currently recommended.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">However, as with all security concerns (big or small), <strong>we recommend that all customers currently on version 3.1 or above install the 3.1.2 update to address this potential issue.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"mitigation-steps\">Mitigation Steps<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Our recommended process to mitigate the issue is as follows:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Check your currently installed version against the &#8220;Affected Versions&#8221; list above to see whether you need to take action. The version is displayed in the footer of each page within OVERLAPS.<\/li><li>In OVERLAPS, under <strong>Config -> Website Settings -> Active Directory -> Domain Connection Priority<\/strong>, ensure that &#8220;<strong>Directory Searcher<\/strong>&#8221; is selected for all three First Priority connections.<\/li><li>In the same section, ensure that &#8220;<strong>None<\/strong>&#8221; is selected as the Backup Failover Connection for all three options. &#8220;LDAP&#8221; should not be selected in any of the boxes.<\/li><li>Install the 3.1.2.0 update at your earliest convenience.<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"conclusion\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This is not a significant threat and, given the specific non-standard configuration it requires, is unlikely to affect any of our clients. However, we have treated it as a priority in issuing this notice and update, as we would any actual or potential security concern.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you have any concerns or questions, please contact us by email at <a href=\"mailto:support@int64software.com\">support@int64software.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have just released a minor security update for OVERLAPS, which we recommend all clients currently on version 3.1 or higher install. Full details and the mitigation steps can be found within.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[16,50],"tags":[20],"class_list":["post-898","post","type-post","status-publish","format-standard","hentry","category-overlaps","category-security","tag-overlaps"],"_links":{"self":[{"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/posts\/898","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/comments?post=898"}],"version-history":[{"count":3,"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/posts\/898\/revisions"}],"predecessor-version":[{"id":902,"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/posts\/898\/revisions\/902"}],"wp:attachment":[{"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/media?parent=898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/categories?post=898"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/int64software.com\/blog\/wp-json\/wp\/v2\/tags?post=898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}