January 31, 2019

The first patch for PremiSys™ is now available. It resolves the following vulnerability:
 
 
| Tenable Identified Issue | IDenticard® PremiSys Action |
| --- | --- |
| CVE-2019-3906: Hardcoded Credentials (Admin Access to Service) | Removes the hardcoded credential and replaces it with a unique system-generated password for each session |
 

The patch is available to all PremiSys and PremiSys ID users at no charge.

To begin, click here for the pre-installation instructions and to request the PremiSys v4.1 download link. You will receive instructions and a link to download the software upgrade within one business day. Before proceeding, you will need to know your IDenticard account number. It is important that you read and follow these pre-installation instructions before starting the software upgrade.

Thank you for your assistance in ensuring that the PremiSys systems for all of our customers are running with this latest patch. If you have any questions in the meantime, please contact me at aaron_henderson@bradycorp.com. For technical questions, please contact IDenticard tech support at (800) 220-8096.

As we previously stated, the following issues will be addressed in future releases:

 
| Tenable Identified Issues | IDenticard PremiSys Actions |
| --- | --- |
| CVE-2019-3907: Weak Hashing/Encryption | The current encryption method used for authentication will be replaced with a stronger method such as SHA-256 or bcrypt. The patch release is estimated for February 2019. |
| CVE-2019-3908: Hardcoded Password | The hardcoded password for backup files will be removed in a future release, which is estimated for February 2019. We will provide recommended best practice options for securing backup files to system administrators. |
| CVE-2019-3909: Default Database Credentials (Full Access to Service Databases) | As an immediate, short-term solution, we advise system administrators to replace the default username and password. Please contact our Technical Support Team at (800) 220-8096 for assistance. You may advise your end user system administrators to contact their authorized IDenticard reseller for assistance. The PremiSys application will be modified to require the end user to configure their unique username and password. |
 
 
Sincerely,
 
R. Aaron Henderson
Director, Field Sales
IDenticard Access Control
 
 

800.233.0298

IDenticard.com

IDenticard • 148 E. Stiegel Street • Manheim, PA 17545

 