Ubisecure CustomerID 5.3.1 has been released.

This release contains a security bug correction.

New correction in CustomerID 5.3.1:

We’ve detected bug in our CustomerID 5.3 release. The issue does not exist in previous releases of CustomerID and there were only a small handful of customers who downloaded CustomerID 5.3 into their testing environments.

The bug is fully resolved with CustomerID 5.3.1 and the impacted version has been removed from our download page.

Observed bug in 5.3
If an end user accesses the Self Service UI then both standard attributes and any defined custom attributes found in the SQL database for the user record are decrypted and re-written to the SQL data base in un-encrypted format. These standard attributes encrypted includes user’s key personal information attributes.

• Any user attributes found in the LDAP database remain unaffected.

Resolution
CustomerID 5.3.1 can be found in the following location:

https://demo.ubisecure.com/extranet/downloads/CustomerID/5.x/5.3/

As mentioned, we have removed the CustomerID 5.3.0 release version originally found in the Identity Server 2018.1 release package and advise any Customer or Partner who has downloaded that version to remove it from use.

Customers who have installed CustomerID 5.3 should ensure that they upgrade to CustomerID 5.3.1 and review any users who have accessed the Self-Service UI checking those users’ attributes and custom attributes and re-encrypt them. (Note: Administrators can re-encrypt any user attribute from the Administrator UI or via a REST invocation.)

Please contact your Integration Partner or Ubisecure Account Representative with any questions. Bringing system flexibility and new features to ensure the best user experience possible for your businesses is our goal.