Hyland has identified an important security issue in the Unity Client in versions 10.0 and higher that may allow the execution of man-in-the-middle attacks. A default configuration setting in the Unity Client configuration file permits the use of unverified certificates when communicating with an application server. Allowing the use of unverified certificates can permit a malicious server to impersonate an OnBase application server and record data traffic before passing it on to the actual application server. The user will not be informed that the server’s SSL certificate is invalid or unverifiable.

This content is for subscribers. Please enter the password to access it.

  • This field is for validation purposes and should be left unchanged.
About Jennifer

Jennifer (aka Pixie) has over 30 years of experience in the Information Technology field, which includes 13+ years of Systems Administration, 16+ years of developing and implementing technical documentation and training, and 14+ years of supporting OnBase. She has extensive experience with OnBase, SQL, and a firm foundation in computer science. Despite this, she considers herself a well-adjusted nerd with hobbies including gardening (poorly), archery, and knitting in public.

Jennifer Siegel
Jennifer Siegel
Jul 19, 2013
OnBase Tips & Common Fixes
You May Also Like:
OnBase Tips & Common Fixes
Jennifer Siegel
Jennifer Siegel Apr 11, 2024
MEMBERS ONLY CONTENT
OnBase Solution , OnBase Tips & Common Fixes
Kara Martin
Kara Martin Sep 06, 2023
OnBase Solution , OnBase Tips & Common Fixes
Kara Martin
Kara Martin Feb 15, 2023