Update Available to Protect Encryption Keys
The IT Portal team has identified a security concern requiring attention. Our ongoing security assessments, prompted by Microsoft Exchange vulnerabilities, revealed a potential issue with how encryption keys are handled on our platform.
The Issue
The IT Portal employs disk-level encryption for stored files on both cloud and on-premises instances. However, a vulnerability exists: If a person has physical access to the web server, they can analyze running processes and possibly read the encryption key as files are being encrypted and decrypted.
This could allow someone with direct server access to potentially compromise sensitive encryption materials during active operations.
What You Need to Do
For Cloud Partners: No action is required. All cloud instances have already been patched with the fix.
For On-Premises Partners: We recommend updating to the latest version, which includes the bugfix addressing this encryption key exposure alongside other recent improvements.
Key Takeaway
This update targets a specific attack vector requiring physical server access, making it relevant primarily for organizations managing their own infrastructure rather than using the cloud service.
