{"id":26870,"date":"2021-07-11T22:40:20","date_gmt":"2021-07-12T02:40:20","guid":{"rendered":"https:\/\/www.canarie.ca\/?page_id=26870"},"modified":"2022-07-19T08:51:47","modified_gmt":"2022-07-19T12:51:47","slug":"procedure-douverture-directe-de-seance","status":"publish","type":"page","link":"https:\/\/www.canarie.ca\/fr\/procedure-douverture-directe-de-seance\/","title":{"rendered":"Recommandations concernant le probl\u00e8me soulev\u00e9 par la proc\u00e9dure d\u2019ouverture directe de s\u00e9ance (DSO) de SheerID"},"content":{"rendered":"\n

SheerID \u201cDirect Sign On (DSO)\u201d Issue Mitigation Recommendations<\/h1>\n\n
<\/div>\n\n

While SheerID have said that they did not store user credentials gathered during their DSO activities, nor were there any indications of breach, per standard cybersecurity protocols CANARIE recommends that you\u00a0reset any user\u2019s credentials who has accessed the SheerID service. <\/strong><\/p>\n\n

As those credentials might have been used on sites directly authenticated on the institutional Identity Management System (IdM), as well as on federated internal resources authenticated by your Identity Provider (IdP) software, you would examine both the logs of the services authenticated directly on the IdM and the logs of the IdP over the affected dates.<\/p>\n\n

Colleagues of the University of Trento shared some useful information to confirm if the bot used by SheerID has made any attempt to access your authentication systems:<\/p>\n\n

The user-agent declared by the bot is:<\/strong><\/p>\n\n

\"Mozilla\/5.0+(X11;+Linux+x86_64)+AppleWebKit\/537.36+(KHTML\\,+like+Gecko)+HeadlessChrome\/89.0.4389.82+Safari\/537.36\"<\/code><\/pre>\n\n
The source IP addresses used by the bot are two and apparently used in round-robin:<\/p>\n\n