November 17, 2015 @ 9 am CST
While the message below looks like a new vulnerability it isn't, it's just a warning. This vulnerability can be avoided if:
- Magento has the latest security patches and updates.
- You limit administrator access to the Magento backend.
- You do not make every Magento user an Administrator and instead limit access for your users (users should only have access to features that are required for that user).
Modern Retail has updated every Magento website we manage with the latest security patches and updates, so #1 is not an issue. However, we need your hep to ensure the users accessing Magneto at your organization are using strong passwords (#2) and you have limited access for these users (#3).
Modern Retail can install an extension to force users to use stronger passwords and expire the passwords on a schedule. Please submit a Support Request if you would like us to install this extension for you.
If you have any questions about this announcement, please let us know. Thank you.
November 16, 2015 @ 9 pm CST