
Security Notice: Linux Installations 2020.00-2020.05

Issue Level: MEDIUM-HIGH

Overview 

The password for the internal system account used with Pyramid installations on Linux servers is not being set correctly to a random value during installation.

If Linux servers are exposed outside network security barriers (either internal or external), this can compromise the security of the host servers. If servers are well protected, the urgency of this issue is reduced.

Note: This does not affect the application client exposed via browsers and mobile devices.

Affected Versions

All Linux (Ubuntu, CentOS, Debian, Oracle, Red Hat) installations of Pyramid, versions 2020.00 - 2020.05.

Remedies

Immediate Remedy

Admins are advised to immediately change the password of the "pyramid" user account on all Linux systems using the following example command. The user changing the password needs to have root privileges.

sudo passwd pyramid

This should be immediately applied to all existing installations of Pyramid on Linux OS servers.
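
Where many hosts need the change and typing a password on each is impractical, the same remedy can be applied non-interactively. The script below is an added example, not part of the original notice or of Pyramid's own tooling: it sets the "pyramid" account password to a random value and confirms that /etc/shadow records the change. It assumes nobody needs to know the new password, and the function names and the --apply switch are illustrative.

```shell
#!/bin/sh
# Added example: rotate the "pyramid" account password to a random value.
# Assumption: nobody needs to know the new password, so it is never
# printed or stored anywhere.

ACCOUNT="pyramid"   # account name taken from the notice

# Produce a random alphanumeric password of N characters (default 32)
# drawn from the kernel CSPRNG.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
}

# Print the "last changed" field (days since 1970-01-01) for a user from a
# shadow-format file. The path is a parameter so it can be checked offline.
shadow_lastchg() {
    awk -F: -v u="$1" '$1 == u { print $3 }' "${2:-/etc/shadow}"
}

# Set a fresh random password, then confirm the shadow entry was updated.
rotate_password() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    getent passwd "$ACCOUNT" > /dev/null ||
        { echo "no $ACCOUNT account on this host" >&2; return 2; }
    before=$(( $(date +%s) / 86400 ))   # today, in days since the epoch
    printf '%s:%s\n' "$ACCOUNT" "$(gen_password)" | chpasswd || return 3
    [ "$(shadow_lastchg "$ACCOUNT")" -ge "$before" ] ||
        { echo "password change not recorded in /etc/shadow" >&2; return 4; }
    echo "$ACCOUNT password rotated on $(hostname)"
}

# Only act when explicitly asked, so the file can be sourced safely.
if [ "${1:-}" = "--apply" ]; then
    rotate_password
fi
```

Run it as root with the --apply argument on each affected server; a non-zero exit status identifies hosts where the change did not take effect.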

Long Term Remedy

The flaw has been corrected and is fixed for all new installations using version 2020.10 onwards.

The fix will upgrade all installations as well.
