Skip to Content.
Sympa Menu

technical-discuss - [InC-Technical] InCommon Federation Security Incident Report 2017-08-02-01

Subject: InCommon Technical Discussions

List archive

[InC-Technical] InCommon Federation Security Incident Report 2017-08-02-01


Chronological Thread 
  • From: Nick Roy <>
  • To: Nicholas Roy <>
  • Subject: [InC-Technical] InCommon Federation Security Incident Report 2017-08-02-01
  • Date: Fri, 18 Aug 2017 13:05:04 -0600
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:ir/3hR03GnZClRE7smDT+DRfVm0co7zxezQtwd8ZsesUKfnxwZ3uMQTl6Ol3ixeRBMOAuqIC07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9ZDeZwZFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUjq+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfV5Yq7Qc88WSXdYUspNSiBKH4ewY5YPAuYEO+tXqJXwqlUMoBawHAWgGOziwSJMinL2waE21uIsGhzE0gM9BdIDqGraotXoOqkRX+66wqbHwinMYfNXwjr99IrFfwo9rf2QU799c8zcwlQvGQPfiVWQrJToMSuU1usRsGiQ8vZuVeWvimU6rAxxpCKvxsAsi4TSh4IVzEzE+jtjwIYzO9K4VFB3bcS6H5RNqiGXLo17Sd4sTWFvvSY10LwGuZijcSgLzpQn2wDQa+aBc4eW/hLvSvydLilli3J4fr+0mhW88VC4x+HhSsW530xGoyVHn9XWuH0A2Abf58yaRvdl4Eus2CqD2x3W5+1aIk05m6/WJpE/zrIsiJYetFnMEy/qlEjzjaKbdVko9+et5unkZrjquJGROop6hwz6MqkulMmyDOc2PwUOQ2SW//m32qf58k3jWrpKi+U7kqnHv5DeIsQWvra3DhNS3Io/9hqzFiqr39YGkXUeK1JKYwyIg5LuO1HTPPD3FvC/g0mqkDh23fzGJqfhApLRLnfdjLjhYbd960layAYpytBf+o5UCrUGIPL0WU/9rsDXDhg8MwCswubnDsty1p8GVG6SHqOUP7nevFCK6+41LeSBa5UZtTLgJ/Q94v7hl345mVsTfamz2psXbWi1HvJ8I0WeYXvhmdYBEWEWvgUgVuzqjkONUSJNa3qoQa0z+yw7BJq8DYjfXoCtnKCB3CCjE51XYGBJFleMEXLtd4WDXfcAciWSItVukjAdVLihTZMu2QiptA/i0LprN+zU+ioEtZLi2th15vHcmgsu9Tx1CMSd1XqNQnpwnmMJXD82wLt/rVJnxleC16h4n+JXFcZV5/xXTgc2K4TQwPJnBNDvQgjBZMuGSE66QtW6BjE8VtMxw9kSbEZ6HtWiixfD3yywD78SjbyLC4U48r7C0HftJ8Z9zXfG27U7gFkiW8dAKGymhrVj+AjOHI7JiF6Ul6KrdaQHwC7N73mPwXCPvEFeTA5/T7/FXXYBaUvKs9j1/F3NQKKzCb4/KAtO1daCKrdWat3ulVhGRfHjN8jZY2K0nmewAhCIyqmLbIrwdGURxT3dB1IekwAP/HaJKQk+Bj+7rGLYEDxuDkniY0ft8elltHO7VVE4wxuLb01ny7q65AQVhfqCRPMPwL4IojkupChpHAX149WDLduLpw1ldb4UW9QsqANBz2XInw17IpG6Ka1+3BgTfxkh7G300BAiLIRLkoAQq2JimAxoLrOw0VVdeime0IyqfLDbNz+hr1iUd6fK1wSGg56t8aAV5aF98Aju
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99
Hello,

On Tuesday, August 1st 2017, an InCommon Federation user reported a
defect in the InCommon Federation Manager software that would allow
unauthorized access to the Delegated Service Provider Administration
functionality. InCommon staff worked to resolve this issue rapidly,
perform a risk analysis, and develop an incident report. As part of
InCommon's Federation Security Incident Handling Framework [1] we are
now sharing this report with Federation participants. Please visit the
link below to read more about InCommon's Federation Security Incident
Handling Framework and to read the incident report for incident number
2017-08-02-01.

Please let me know if you have any questions or concerns.

[1] https://spaces.internet2.edu/x/lQdhBg

Best Regards,

Nick Roy
Director of Technology and Strategy, InCommon


  • [InC-Technical] InCommon Federation Security Incident Report 2017-08-02-01, Nick Roy, 08/18/2017

Archive powered by MHonArc 2.6.19.

Top of Page