Default Unity Client Configuration Setting Can Allow for Man-in-the-Middle Attacks

Hyland has identified an important security issue in Unity Client versions 10.0 and higher that may allow man-in-the-middle attacks. A default setting in the Unity Client configuration file permits the use of unverified certificates when communicating with an application server. Because unverified certificates are accepted, a malicious server can impersonate an OnBase application server and record data traffic before passing it on to the actual application server. The user will not be informed that the server’s SSL certificate is invalid or unverifiable.


About Jennifer Siegel

Jennifer (aka Pixie) has over 20 years of experience in the Information Technology field, which includes 13+ years of Systems Administration and 15+ years of developing and implementing technical documentation and training. She has extensive experience with OnBase, SQL, and a firm foundation in computer science. Despite this, she considers herself a well-adjusted nerd with hobbies including gardening (poorly), archery, and knitting in public.
