As a follow-up to our June 3rd post, "PS_TOKEN vulnerability and prevention", I wanted to share some recent activity you might find interesting.
As you might imagine, some of the more public PeopleSoft customers have started to become concerned, especially since an attack against PS_TOKEN could be carried out offline, without the customer ever detecting it.
At GreyHeller, things escalated when one of our Higher Education customers discovered that it was one of the universities Security Week had found. Because of these concerns, and because it had business processes that depended on the PS_TOKEN cookie, this customer decided to shut down access to its production system until it was satisfied that the risk had been addressed.
Following the shutdown, this organization looked at its options, which included the following:
The first two options would require an extensive outage that would affect employees as well as students.
Fortunately, through collaboration with GreyHeller, this customer was able to meet its needs with only a brief outage. The ultimate solution will allow the organization to continue operating PeopleSoft with the strongest protection possible with respect to this issue:
Additionally, GreyHeller was able to address the customer's risk without installing or updating software on, or directly accessing, the PeopleSoft servers. This was extremely beneficial to the customer, as its PeopleSoft systems are managed by a hosting provider.