IDM Security Advisory #202002
A security vulnerability has been discovered in an IDM component. This issue is present in version 7.0.0 of ForgeRock Identity Management.
September 8, 2020
A security vulnerability has been discovered in an IDM component. The issue is present in IDM 7.0.0.
This advisory provides guidance on how to ensure your deployments can be secured. Workarounds or patches are available to resolve the issue.
The maximum severity of issues in this advisory is Critical. Deployers should take steps as outlined in this advisory and deploy the recommended workarounds or resolutions as described within each issue below.
Issue #202002-01: Authentication Error(s)
| Product | ForgeRock Identity Management |
|---|---|
| Affected versions | IDM 7.0.0 |
| Fixed versions | IDM 7.0.1 |
| Component | IDM Remote Connector Server (RCS) |
| Severity | Critical |
Description:
Servlet authentication bypasses IDM's authentication filter.
Workaround:
Disable endpoint.
Resolution:
Upgrade to IDM 7.0.1.
Change Log
The following table tracks changes to the security advisory:
| Date | Description |
|---|---|
| September 28, 2022 | Fixed broken doc link |
| February 24, 2021 | Added ForgeRock Identity Platform taxon to improve categorization |
| September 8, 2020 | Initial release |