Windows Authentication security improvements
The Traka Business Engine, Traka Admin and Traka Web products have been updated to use the built-in security for Windows to authenticate and authorise users logging in to Traka Web.
Reduce risk of DOM-based open redirection vulnerabilities
In instances where navigation within Traka Web requires a return URL, additional validation has been added to ensure the URL is within the Traka Web application.
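One way to implement the return-URL check described above, shown as an added example that is not Traka's code. The origin `https://traka.example`, the base path `/TrakaWeb/` and the function name `resolveReturnUrl` are assumptions made for illustration.

```javascript
// Added example: origin, base path and names are assumptions, not Traka Web code.
const APP_ORIGIN = "https://traka.example"; // constructed sample origin
const APP_BASE_PATH = "/TrakaWeb/";         // constructed sample application root

// Returns a same-application path that is safe to navigate to,
// or the fallback when the supplied value leaves the application.
function resolveReturnUrl(returnUrl, fallback = APP_BASE_PATH) {
  if (typeof returnUrl !== "string" || returnUrl.length === 0) return fallback;

  // Reject control characters and backslashes before parsing: browsers strip
  // tabs/newlines and treat "\" like "/" in http(s) URLs.
  if (/[\u0000-\u001f\u007f\\]/.test(returnUrl)) return fallback;

  let parsed;
  try {
    // Resolve relative values against the application root, as the browser would.
    parsed = new URL(returnUrl, APP_ORIGIN + APP_BASE_PATH);
  } catch {
    return fallback;
  }

  // Scheme, host and port must all match (non-http schemes have origin "null").
  if (parsed.origin !== APP_ORIGIN) return fallback;

  // The normalised path (dot segments already resolved) must stay under the root.
  if (!parsed.pathname.startsWith(APP_BASE_PATH)) return fallback;

  // Navigate with a path-only value so the origin can never be caller-controlled.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Constructed sample inputs for a quick manual check.
const samples = [
  "/TrakaWeb/Items?page=2",           // internal absolute path
  "Items/5",                          // internal relative path
  "https://other.example/TrakaWeb/",  // different origin
  "//other.example/TrakaWeb/",        // protocol-relative, different origin
  "/TrakaWeb/../admin",               // escapes the application root
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", resolveReturnUrl(s));
}
```

The same check belongs on the server wherever a return URL is accepted, since client-side validation only covers the DOM-based case.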
New setting to control password input storage in the browser
As a security enhancement, there is now an option in Traka Web to allow or deny storing the password entered in the Traka Web password field in the browser.
Security delay when the wrong login credentials are entered
In order to prevent brute-force login attempts into Traka Web, a 1-second delay has been added whenever the wrong login is entered. This delay increases exponentially upon every unsuccessful login in a session.
Added function to target textbox inputs to prevent XSS attacks
By preventing scripts from being pasted or entered into Traka Web textboxes, we are reducing the impact of this vulnerability and making Traka Web a safer product.
Plus, numerous additional updates to improve Cross-Site Scripting attack protection.
Visit the support website to read the complete release notes, and to download the latest versions of Traka Web and Traka Touch.