Kiteworks

  • $250 – $25,000 per vulnerability
  • Up to $50,000 maximum reward

Latest Features and New API Details

We have exciting news for Accellion Enterprise Content Firewall!

New Features of the Admin Console

  • File integrity monitoring improvements: Additional file integrity monitoring alerts have been added to aid in the detection of system intrusion. As before, this system generates real-time alerts if abnormalities are detected. When file integrity monitoring generates these alerts, an email is sent to the system administrator based on the level of the alert. An event is also logged, which in turn pushes the alert to any configured syslog service.
  • Full stack syslog: Additional system logs are now exported, which can be used to identify user privilege escalations and malicious traffic to Kiteworks. These improvements push shell logs and web server logs.
  • Content encryption: User-generated files are now automatically encrypted when uploaded to the system. If upgrading to 7.4.1, an encryption migration script will automatically run in the background and encrypt existing user-generated files. An alert will be displayed on the dashboard showing the status of the encryption process.
  • AWS KMS for management of ACFS volume keys: The AWS (Amazon Web Services) Key Management Service (KMS) has been integrated with Kiteworks to let you create and manage cryptographic keys as well as control their use across a wide range of AWS services. The integration lets Kiteworks administrators choose AWS KMS as an HSM provider to protect file storage keys. AWS KMS is a SaaS that provides key management to all other Amazon and third-party services. This feature only works on CentOS 7 systems.

New APIs

| Details | APIs | Role |
|---|---|---|
| New endpoints for Time-based OTP (TOTP) | GET /rest/users/me/tfa/setupTotpSecret, POST /rest/users/me/tfa/verifyTotpSecret, POST /rest/users/me/tfa/resetTotpSecret | End User |
| Salesforce Lightning initialize API | POST /rest/container/salesforce/initialize | End User |

As always, please be sure to review the program brief in detail, and if you have any questions, please reach out to support@bugcrowd.com.

Happy Hunting!