Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Performance Management
Lawson Business Intelligence/Reporting/Crystal
security hole in LBI
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Rich Cowie
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5255
People Online:
Visitors:
453
Members:
0
Total:
453
Online Now:
New Topics
Lawson S3 HR/Payroll/Benefits
Pay Rate History to Show All Positions
2/26/2025 3:34 PM
Does anyone know how to modify payratehistory.htm
Infor CloudSuite
How to build a Pre-Prod tenant
2/7/2025 1:28 AM
After we finished our implementation and ended our
Lawson S3 Procurement
Browser issue with RQC Shopping
1/28/2025 5:49 PM
Since the recent Chrome/Edge updates, our RQC shop
Lawson S3 Procurement
S3-Procurement New Company
1/22/2025 10:38 PM
My Accounting Department has created a new Company
S3 Customization/Development
JUSTIFIED RIGHT
1/15/2025 7:41 PM
Is there a way in Lawson COBOL to make a character
S3 Systems Administration
ADFS certificate - new cert
12/3/2024 9:38 PM
The certificates on the windows boxes expired and
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1375
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
Performance Management
Lawson Business Intelligence/Reporting/Crystal
security hole in LBI
Please
login
to post a reply.
2 Replies
0
Subscribed to this topic
22 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
Jimmy Chiu
Veteran Member
Posts: 641
9/29/2010 5:49 PM
I just logged this hole with Lawson. Hopefully they will fix it soon. Anyway, here is the security hole. Ie:
http://server:port/efs/ConfigurationAssistant
No login check, nothing, and you can make changes.
Matthew Nye
Veteran Member
Posts: 514
9/29/2010 6:15 PM
Split
Lawson recommends that after the installation this file is renamed and moved out of the EFS directory. Its meant as an installation and troubleshooting device but shouldnt be left in place. Additionally you could secure this specific file using Authentication security through your web server. Security hole, security by obscurity or just another "undocumented functionality" perhaps.
Matthew Nye
Veteran Member
Posts: 514
10/21/2010 8:41 PM
Split
Lawson recommends that after the installation this file is renamed and moved out of the EFS directory. Its meant as an installation and troubleshooting device but shouldnt be left in place. Additionally you could secure this specific file using Authentication security through your web server. Security hole, security by obscurity or just another "undocumented functionality" perhaps.
Please
login
to post a reply.