Security Issues Resolved in 2022.09

The following security issue was addressed in the 2022.09 release.

Configuration Added for Locking Out Users After Repeatedly Providing an Incorrect Security Answer

In the Producer Portal and End-User Portal, the password reset page is followed by a request for the correct response to the user's security question. Configuration options are now available to enable FlexNet Operations to lock out users after they repeatedly provided the wrong security answer:

•

System > Configure > Validators > Lock out user upon repeated security question attempts—Enable this option to lock out a user for a set amount of time after they repeatedly provided the wrong security answer when attempting to reset their password. The number of consecutive failed attempts is defined as part of the FlexNet Platform Server configuration, under System > Configure > FlexNet Platform Server > Consecutive attempts to provide correct security answer.

•

System > Configure > Validators > Lockout period after failed security question attempts—The number of minutes a user is locked out before allowed to answer the security question again.

These parameters work in conjunction with the following parameter, which sets the limit on the number of consecutive security question attempts allowed before a user is locked out.

System > Configure > FlexNet Platform Server > General Options > Consecutive attempts to provide correct security answer

Any error messages that are displayed as a result of the user entering the wrong security answer are currently available in English only.

This added functionality is part of an ongoing effort to improve overall FlexNet Operations security.