[rudder-announce] Rudder user authentication vulnerability - Fixed in 6.1.13 and 6.2.7
Alexis Mousset
alexis.mousset at rudder.io
Thu Jun 3 17:17:15 CEST 2021
Dear community,
Rudder 6.1.13 and 6.2.7 releases contain a fix for a vulnerability to
brute-force attacks on local user authentication. If you are using the
file authentication provider (i.e. not an LDAP/AD/RADIUS server) with
bcrypt password storage (introduced by default since 6.1), you should
upgrade your Rudder server to one of these versions.
If you have questions regarding the vulnerabilities or the upgrade
process, please contact us on the users mailing-list or our chat room:
https://chat.rudder.io
--
Alexis Mousset
Rudder