Plantronics + Polycom. Now together as Poly Logo

MediaSuite Security breach

MediaSuite Security breach

I encountered a security breach by changing a user's password


In the admin portal, when changing a user's password, the browser prompts to save the new credentials and instead of displaying the user name displays the old password that was in the database.

 

That is, the old password of a user is exposed

 

I to open a call to report.

Message 1 of 8
7 REPLIES 7
Polycom Employee & Community Manager

Re: MediaSuite Security breach

Hello Danillo Cacharo,

welcome to the Polycom Community.

What version of the MediaSuite have you found this and does this only happen with Chrome ?

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 2 of 8
Highlighted

Re: MediaSuite Security breach

Yes chrome. 2.5 and 2.7
I decided for this post, because after a phone call the analyst did not take the problem seriously and there was no report of it for correction in other versions.

I work with polycom and would like to see this bug fixed for security.

 

I'll remove the post

Message 3 of 8
Polycom Employee & Community Manager

Re: MediaSuite Security breach

Hello Danillo Cacharo,

Our security team tried to replicate this and are unable to do so.

 

Do you have any Polycom service reference or a case for this?


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 4 of 8
Regular Visitor

Re: MediaSuite Security breach

Was this issue addressed?  Our security office is concerned with accessing the MediaSuite server from outside our domain, indicating that usernames and passwords are not encrypted.  

Message 5 of 8
Polycom Employee & Community Manager

Re: MediaSuite Security breach

Hello @CMROSS,

welcome to the Polycom Community.

This was never officially raised so nothing to address as testing this I could not replicate.

 

If you can replicate get this into Harman support as they look after the product now.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 6 of 8
Regular Visitor

Re: MediaSuite Security breach

I'll see if I can replicate.  However, our security officer has concerns that you might can help me address.  Our install was completed only allowing access to the mediasuite from within our campus network.  However, we want students from off campus to have access.  It doesn't appear as though usernames and passwords are encrypted which means these could be captured.  Currently, we use our active directory usernames and passwords; we definitely do not want these to be compromised.  I'm curious as to how other customers deal with this concern.

Message 7 of 8
Polycom Employee & Community Manager

Re: MediaSuite Security breach

Hello @CMROSS,

Polycom no longer supports this Product.

 

https://news.harman.com/releases/releases-20171102


Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 8 of 8