Hyland has identified an important security issue in the Unity Client in versions 10.0 and higher that may allow the execution of man-in-the-middle attacks. A default configuration setting in the Unity Client configuration file permits the use of unverified certificates when communicating with an application server. Allowing the use of unverified certificates can permit a malicious server to impersonate an OnBase application server and record data traffic before passing it on to the actual application server. The user will not be informed that the server’s SSL certificate is invalid or unverifiable.

About Jennifer

Jennifer (aka Pixie) has over 30 years of experience in the Information Technology field, which includes 13+ years of Systems Administration, 16+ years of developing and implementing technical documentation and training, and 14+ years of supporting OnBase. She has extensive experience with OnBase, SQL, and a firm foundation in computer science. Despite this, she considers herself a well-adjusted nerd with hobbies including gardening (poorly), archery, and knitting in public.