Kaseya Community

Possible security hole?

  • When an admin is logged in at two locations, when logged off at one location, the other location also gets logged off. This means the login is server side.

    Now, if someone spoofed the login details from an admin or maybe sent a request from the same IP, they could gain access to the management console from a different system.

    I could be incorrect in the security hole part but it seems feasible.



    I have also found out the machine group and view variables are stored on the server side. This is a pain when trying to work with multiple tickets from different groups. This issue I have raised with Kaseya before. I would like to see it moved to client side so multiple windows can have tickets from multiple machine groups.




    Legacy Forum Name: Possible security hole?,
    Legacy Posted By Username: rodbibeau
  • Interesting concept. Session data does appear to be stored on the server side. Hijacking someone's session ID would mean access to the DB, which would be a major problem. I don't know about client-side processing, as data can be easily manipulated.

    Legacy Forum Name: Server,
    Legacy Posted By Username: Mark.Knapp
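
The server-side session behaviour discussed in this thread, as an added example that is not part of either post and is not Kaseya's code: a minimal Python session store in which the client holds only a random token, the source IP is a secondary check rather than a credential, and logging off one session ends every session for that account. The class name, the TTL and the IP addresses are assumptions made for the illustration.

```python
import secrets
import time

SESSION_TTL = 900  # seconds; constructed value for this example


class SessionStore:
    """Hypothetical server-side store: all state lives on the server."""

    def __init__(self):
        self._sessions = {}  # token -> {"user", "ip", "expires"}

    def login(self, user, ip, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits, not guessable
        self._sessions[token] = {"user": user, "ip": ip,
                                 "expires": now + SESSION_TTL}
        return token

    def authenticate(self, token, ip, now=None):
        """Return the user for a live token presented from its login IP."""
        now = time.time() if now is None else now
        sess = self._sessions.get(token)
        if sess is None:
            return None  # the right IP without the token is not enough
        if now >= sess["expires"]:
            del self._sessions[token]  # expired sessions are dropped
            return None
        if sess["ip"] != ip:
            return None  # token replayed from another address
        return sess["user"]

    def logout(self, token):
        """End every session of the token's account; return how many."""
        sess = self._sessions.pop(token, None)
        if sess is None:
            return 0
        others = [t for t, s in self._sessions.items()
                  if s["user"] == sess["user"]]
        for t in others:
            del self._sessions[t]
        return 1 + len(others)
```

Because `logout` removes every token for the account, a second location is logged off as soon as the first one logs off, which is the behaviour the first post describes.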