Jump to content

Search the Community

Showing results for tags 'security'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Essentials
    • Announcements
  • Passwordstate 8.x
    • General Support
    • Feature Requests
    • Feature Requests - Completed
    • Known Issues
    • Installing Passwordstate
    • 3rd Party Hardware/Software Knowledge Forum
  • Knowledge Base
    • General FAQs
    • Password Resets
    • Remote Session Launcher
    • Mobile Client
    • Passwordstate API
    • Browser Extensions
    • Password Reset Portal
  • Passwordstate 7.x
    • General Support
    • Known Issues

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Google Plus Account


Location


Interests


Biography


Location


Interests


Occupation

Found 8 results

  1. Dear clickstudios team, could you please update your Powershell scripts to use HTTPS (-useSSL) as the default WinRM connection method and only fall back when the connection is not successful. Cheers Sebastian
  2. Haven't seen this here yet, and please point me in that direction if a thread already exists, but I'd like to request a change to the error message that is displayed at the Self-Service Password Rest Portal. Currently, if you input a username that does not exist, you are told that the username was not found. This allows an attacker to enumerate valid accounts for your organization and proceed with related attacks against Security Questions, MFA options and other attack avenues. Could this be a more generic message that does not indicate whether an account is valid or not?
  3. Would like to see option to limit users from adding attachments to specific folders. Since it's already a global configuration, would expect not to be big thing to make per folder setting for it too. Either implement a way to prevent users from adding documents to any folders, but continue to allow uploading them to lists and password items. Or provide a way to disable uploading documents just to specific folders. Use case: Admin makes some folder hierarchy/context on where people should be storing their lists. If there's no way to prevent uploading documents, people tend t
  4. Dear Clickstudios, actually we are Installing Passwordstate for our internal Services and also one of our Customer. For both Installation we would be able to add Azure MFA as an additional Authentication Option. Actually there are some multi-factor provider available, but we would like to Implement it with our Existing Azure MFA instead of Implementing another third-party authentication. Is it Possible to Implement this feature? Hope someone else is also missing this feature. Thanks in Advance and Best regards, Mario
  5. Hiya, I was poking around the MSSQL database backend for PasswordState and noticed a few fields that are not stored with encryption, while they could be (ab)used to gain access to sensitive data. Or to wipe tracks should an actor gain access to the database and/or PasswordState. Obviously it's imperative that the database backend is secured to the teeth, but it's also not unlikely that the designated DBAs do not have admin-rights in PasswordState. Having access to the database may thus lead to an escalation of privileges. Most notably: Valid usernames may be harve
  6. Purpose: This process shows you how to generate a new wildcard certificate from your AD Certificate Store, which can be used for your Browser Based Gateway or you can assign it to your Passwordstate URL. Assigning it to your URL will make for a nicer end user experience, as the all browsers will automatically trust the certificate, assuming the user is accessing Passwordstate from a domain joined machine. Disclaimer: These instructions involve granting your web server permissions to a Web Server Certificate template in your AD Store. We encourage you to review and have
  7. Purpose: Updates to the Chrome browser in the first half of 2017 has generated security warnings, if using the Self Signed certificate supplied with your original install of Passwordstate. This process generates and binds a new Self-Signed certificate that overcomes these new security warnings. Prerequisites: - Windows 8.1 or higher, Server 2012 or higher - Powershell 4.0 must be installed on your web server, preferably Powershell 5.0. To check which version you are running, open Powershell and type in $host. If you need to upgrade Powershell, you c
  8. Greetings! I noticed that emails generated by the Community service don't pass email SPF authentication checks, and also that they aren't being DKIM signed. As a result, all emails from "Click Studios Community <support@clickstudios.com.au>" will end up in our spam filters and I'm sure other email systems as well. Here is a section from the headers of a recent message: Received-SPF: neutral (google.com: 202.136.110.111 is neither permitted nor denied by best guess record for domain of support@clickstudios.com.au) client-ip=202.136.110.111; Authentication-Results: mx.google
×
×
  • Create New...