Learn about known issues and apply workarounds for Unwired Platform security.
Issue # | Description |
---|---|
SMPONP-13496 | HTTPS port has SSLv3/TLS renegotiation vulnerability. The Sybase Control Center HTTPS port (default value is 8283) is susceptible to the SSLv3/TLS renegotiation vulnerability. The way in which SSL and TLS protocols handle renegotiation requests may allow an attacker to inject plaintext into an application protocol stream, resulting in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. For vulnerability details see: Workaround: Fixed in 2.3 SP04. Upgrade is recommended. |
SMPONP-2610 | SiteMinder external cookie scenario not supported for REST SDK. Application onboarding with Sybase Unwired Platform using an external SiteMinder SMSESSION cookie is not supported using the REST SDK. Workaround: The application can use basic authentication with SiteMinder and onboard with SUP. |
RTC-60 | Unwired Server restart is needed after changing truststore or keystore. Workaround: If you change anything relating to keys or certificates in the truststore or keystore, you must always restart the server. Changes only take effect after a server restart. |
RTC-48 | A user with the "SUP Helpdesk" role can execute all DOE-C package operations using the command line utility, including modify operations such as deploying DOE-C packages or setting DOE-C endpoint properties. Help desk operators should not be able to perform modify operations. Workaround: Prevent direct or remote access to Unwired Server for users with the "SUP Helpdesk" role. |
CR-708833 | External authentication token is not properly handled by iOS Hybrid Web Container (HWC). Workaround: For an external token to be passed to and used by iOS Hybrid Web Container for performing single sign-on (SSO), make the call to setHttpHeaders before starting the client engine by placing [self setHttpHeaders] in the first line in the startEngine function. See Setting HTTP Headers in Developer Guide: Mobile Workflow Packages. |
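
For SMPONP-13496, one way to confirm after upgrading that the Sybase Control Center HTTPS port advertises secure renegotiation (RFC 5746) is to classify the "Secure Renegotiation IS (NOT) supported" line that `openssl s_client` prints. This is an added example, not part of the original documentation: the function names `classify_reneg` and `check_port` are hypothetical, and the sample transcripts are constructed.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output for RFC 5746 support.

# Constructed transcripts (not captured from a real server).
SAMPLE_LEGACY='New, TLSv1/SSLv3, Cipher is AES128-SHA
Secure Renegotiation IS NOT supported
    Protocol  : TLSv1'
SAMPLE_FIXED='New, TLSv1.2, Cipher is AES128-SHA
Secure Renegotiation IS supported
    Protocol  : TLSv1.2'
SAMPLE_TLS13='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS NOT supported
    Protocol  : TLSv1.3'

# Reads an s_client transcript on stdin and prints one verdict word.
classify_reneg() {
    cr_proto="" cr_reneg=""
    while IFS= read -r cr_line || [ -n "$cr_line" ]; do
        case "$cr_line" in
            *"New, TLSv1.3,"*|*Protocol*:*TLSv1.3*) cr_proto="tls13" ;;
            *"Secure Renegotiation IS NOT supported"*) cr_reneg="no" ;;
            *"Secure Renegotiation IS supported"*) cr_reneg="yes" ;;
        esac
    done
    if [ "$cr_proto" = "tls13" ]; then
        # TLS 1.3 has no renegotiation, so the "IS NOT supported" line is expected there.
        echo "tls13-no-renegotiation"
    elif [ "$cr_reneg" = "yes" ]; then
        echo "rfc5746-supported"
    elif [ "$cr_reneg" = "no" ]; then
        # Peer did not advertise the renegotiation_info extension.
        echo "rfc5746-missing"
    else
        echo "unknown"          # handshake failed or output format not recognised
    fi
}

# Live check; HOST is required, PORT defaults to the page's 8283.
check_port() {
    openssl s_client -connect "$1:${2:-8283}" </dev/null 2>/dev/null | classify_reneg
}

if [ $# -gt 0 ]; then check_port "$@"; fi
```

A result of `rfc5746-missing` on port 8283 means the endpoint still needs the upgrade named in the workaround or further review; `unknown` usually means the local OpenSSL build could not complete a handshake with the server's protocol versions.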