Applies to: WAVE Sync
Summary:
This is to inform you of a security vulnerability we have identified in our Cloud service.
Potential Impact: If exploited, an attacker could perform a Man in the Middle attack and hijack the victim’s access to their VMS server
Upon discovering the vulnerability, our security team has:
- Promptly initiated a thorough investigation
- Engaged with cybersecurity experts to enhance our security measures moving forward. During our investigation, we have not found any evidence of this vulnerability being exploited yet. Vulnerability exploitation is relatively hard and demands multiple prerequisites, yet still we recommend performing certain actions.
Resolution:
Fix:
- Developed and tested a security fix to address the vulnerability.
- This fix was deployed to WAVE Sync on September 27, 2023.
Recommended Action for Customers:
- If you are using Wave Sync, we strongly urge you to change the VMS server owner’s (user “admin”) local password for added precaution.
- Perform users and permissions review.
Comments
0 comments
Please sign in to leave a comment.