Security Notice: Linux Installations 2020.00-2020.05
Issue Level: MEDIUM-HIGH
The password for the internal system account used with Pyramid installations on Linux servers is not being set correctly to a random value during installation.
If Linux servers are exposed outside network security barriers (either internal or external), this can compromise the security of the host servers. If servers are well protected, urgency around this issue is reduced.
Note: This does not affect the application client exposed via browsers and mobile devices.
This affects all Linux (Ubuntu, CentOS, Debian, Oracle, Red Hat) installations of Pyramid, versions 2020.00 - 2020.05.
Admins are advised to immediately change the password of the "pyramid" user account on all Linux systems using the following example command. The user changing the password needs to have root privileges.
sudo passwd pyramid
This should be immediately applied to all existing installations of Pyramid on Linux OS servers.
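To confirm on each host that the change took effect, the following added example (not part of the original notice or of Pyramid's own tooling) classifies one line of `passwd -S pyramid` output. The cutoff date, the `--live` switch and the verdict names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code): confirm the "pyramid" account password
# was changed, from one line of `passwd -S pyramid` output.
# Line layout: user status last-change min max warn inactive

# Convert YYYY-MM-DD or MM/DD/YYYY (both seen in passwd -S output) to YYYYMMDD.
to_ymd() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s\n' "$1" | awk -F- '{ print $1 $2 $3 }' ;;
        [0-9][0-9]/[0-9][0-9]/[0-9][0-9][0-9][0-9])
            printf '%s\n' "$1" | awk -F/ '{ print $3 $1 $2 }' ;;
        *) return 1 ;;
    esac
}

# check_status "<passwd -S line>" "<cutoff YYYY-MM-DD>"
# cutoff (assumed input) is the day the remediation was applied.
# Prints one verdict: CHANGED, STALE, LOCKED, NOPASSWORD or UNKNOWN.
check_status() {
    cutoff=$(to_ymd "$2") || { echo UNKNOWN; return 0; }
    set -f; set -- $1; set +f      # split the line into fields
    [ "${1:-}" = "pyramid" ] || { echo UNKNOWN; return 0; }
    case "${2:-}" in
        L|LK) echo LOCKED; return 0 ;;       # password locked
        NP)   echo NOPASSWORD; return 0 ;;   # no password set
        P|PS) ;;                             # usable password, check its date
        *)    echo UNKNOWN; return 0 ;;
    esac
    changed=$(to_ymd "${3:-}") || { echo UNKNOWN; return 0; }
    if [ "$changed" -lt "$cutoff" ]; then
        echo STALE      # last change predates the remediation date
    else
        echo CHANGED
    fi
}

# Live use (needs root): ./check.sh --live 2020-06-01
if [ "${1:-}" = "--live" ]; then
    check_status "$(sudo passwd -S pyramid)" "${2:?cutoff date required}"
fi
```

A STALE or NOPASSWORD verdict means the host still needs `sudo passwd pyramid`. The last-change field has day resolution, so a password changed on the cutoff day itself reports CHANGED.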
Long Term Remedy
The flaw has been corrected for all new installations using version 2020.10 onwards.
The fix will upgrade all installations as well.