The vulnerabilities listed below have been fixed in Desktop Central build 10.0.647. These vulnerabilities were reported by Tomasz Kuczyński.
| Sl No | Vulnerability Details |
|---|---|
| 1 | Basic authentication in the agent-server communication has been enhanced with Client Certificate Authentication. |
| 2 | Improper authorization handling in agent data posted to the server has been addressed. |
| 3 | Stored XSS vulnerability in the Inventory section has been addressed. |
| 4 | Single token per instance for agent authentication has been enhanced with an individual certificate for every agent (CVE-2020-28050). |

This has been identified and fixed in Desktop Central build 100647. Customers have to upgrade to build 100647 or above to patch this vulnerability.
The following are the steps to enable Client Certificate Authentication to address this vulnerability: log in to the web console and navigate to Admin > Security Settings > Enable Client Certificate Authentication.
You may also refer to this link for more information.
For any queries, feel free to contact our support team at firstname.lastname@example.org
Keywords: Security Updates, Vulnerabilities and Fixes.