Skip to main content

Notifications

Announcements

No record found.

Microsoft Dynamics NAV forum
Unanswered

Dynamics NAV 2009 R2 Security Issues

Posted on by 244

Hi,

One of Client using NAV 2009 R2 Classic client. They had done penetration testing from the internal network and they use Windows Authentication. They had found few security issues. One of them is they mentioned "Inadequate access Controls in Place". It means Pentester is able to intercept TCP data and capture the SID of any user – userID is also exposed. Therefore, any login can be intercepted and also for existing users with lower level of access, they are able to elevate their access with the same process.

There are few other points but this is critical? Is there any way we can address this.

I understand NAV only adds security on to top of SQL Server. It's purely not Navision issues.

Any comments? Appreciate your help.

Thank you!

Regards,
Anil

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Anton Venter – Community Spotlight

Kudos to our October Community Star of the month!

Announcing Our 2024 Season 2 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Dynamics 365 Community Newsletter - September 2024

Check out the latest community news

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 290,558 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 228,647 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,148

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans