Skip to Content.
Sympa Menu

inc-ops-notifications - [InCommon NOTICE] InCommon Federation Security Incident Report 2017-08-02-01

Subject: InCommon Operations Notifications

List archive

[InCommon NOTICE] InCommon Federation Security Incident Report 2017-08-02-01


Chronological Thread 
  • From: Nick Roy <>
  • To: Nicholas Roy <>
  • Subject: [InCommon NOTICE] InCommon Federation Security Incident Report 2017-08-02-01
  • Date: Fri, 18 Aug 2017 13:05:04 -0600
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:ir/3hR03GnZClRE7smDT+DRfVm0co7zxezQtwd8ZsesUKfnxwZ3uMQTl6Ol3ixeRBMOAuqIC07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9ZDeZwZFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUjq+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfV5Yq7Qc88WSXdYUspNSiBKH4ewY5YPAuYEO+tXqJXwqlUMoBawHAWgGOziwSJMinL2waE21uIsGhzE0gM9BdIDqGraotXoOqkRX+66wqbHwinMYfNXwjr99IrFfwo9rf2QU799c8zcwlQvGQPfiVWQrJToMSuU1usRsGiQ8vZuVeWvimU6rAxxpCKvxsAsi4TSh4IVzEzE+jtjwIYzO9K4VFB3bcS6H5RNqiGXLo17Sd4sTWFvvSY10LwGuZijcSgLzpQn2wDQa+aBc4eW/hLvSvydLilli3J4fr+0mhW88VC4x+HhSsW530xGoyVHn9XWuH0A2Abf58yaRvdl4Eus2CqD2x3W5+1aIk05m6/WJpE/zrIsiJYetFnMEy/qlEjzjaKbdVko9+et5unkZrjquJGROop6hwz6MqkulMmyDOc2PwUOQ2SW//m32qf58k3jWrpKi+U7kqnHv5DeIsQWvra3DhNS3Io/9hqzFiqr39YGkXUeK1JKYwyIg5LuO1HTPPD3FvC/g0mqkDh23fzGJqfhApLRLnfdjLjhYbd960layAYpytBf+o5UCrUGIPL0WU/9rsDXDhg8MwCswubnDsty1p8GVG6SHqOUP7nevFCK6+41LeSBa5UZtTLgJ/Q94v7hl345mVsTfamz2psXbWi1HvJ8I0WeYXvhmdYBEWEWvgUgVuzqjkONUSJNa3qoQa0z+yw7BJq8DYjfXoCtnKCB3CCjE51XYGBJFleMEXLtd4WDXfcAciWSItVukjAdVLihTZMu2QiptA/i0LprN+zU+ioEtZLi2th15vHcmgsu9Tx1CMSd1XqNQnpwnmMJXD82wLt/rVJnxleC16h4n+JXFcZV5/xXTgc2K4TQwPJnBNDvQgjBZMuGSE66QtW6BjE8VtMxw9kSbEZ6HtWiixfD3yywD78SjbyLC4U48r7C0HftJ8Z9zXfG27U7gFkiW8dAKGymhrVj+AjOHI7JiF6Ul6KrdaQHwC7N73mPwXCPvEFeTA5/T7/FXXYBaUvKs9j1/F3NQKKzCb4/KAtO1daCKrdWat3ulVhGRfHjN8jZY2K0nmewAhCIyqmLbIrwdGURxT3dB1IekwAP/HaJKQk+Bj+7rGLYEDxuDkniY0ft8elltHO7VVE4wxuLb01ny7q65AQVhfqCRPMPwL4IojkupChpHAX149WDLduLpw1ldb4UW9QsqANBz2XInw17IpG6Ka1+3BgTfxkh7G300BAiLIRLkoAQq2JimAxoLrOw0VVdeime0IyqfLDbNz+hr1iUd6fK1wSGg56t8aAV5aF98Aju
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Hello,

On Tuesday, August 1st 2017, an InCommon Federation user reported a
defect in the InCommon Federation Manager software that would allow
unauthorized access to the Delegated Service Provider Administration
functionality. InCommon staff worked to resolve this issue rapidly,
perform a risk analysis, and develop an incident report. As part of
InCommon's Federation Security Incident Handling Framework [1] we are
now sharing this report with Federation participants. Please visit the
link below to read more about InCommon's Federation Security Incident
Handling Framework and to read the incident report for incident number
2017-08-02-01.

Please let me know if you have any questions or concerns.

[1] https://spaces.internet2.edu/x/lQdhBg

Best Regards,

Nick Roy
Director of Technology and Strategy, InCommon



  • [InCommon NOTICE] InCommon Federation Security Incident Report 2017-08-02-01, Nick Roy, 08/18/2017

Archive powered by MHonArc 2.6.19.

Top of Page