Trust Center


Overview

Welcome to Kandji's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Compliance

AWS Qualified Software
CCPA
GDPR
ISO 27001
ISO 27001 SoA
SOC 2
Security Whitepaper
ISO 27001
ISO 27001 SoA
SOC 2
CAIQ
CAIQ Lite
Cyber Insurance
Network Diagram
Pentest Report
HECVAT Full
Risk Management Policy
Kandji Migration Guide
PCI-DSS SAQ AoC

Risk Profile

Data Access Level: Internal
Impact Level: Moderate
Third Party Dependence: Yes

Product Security

Audit Logging
Data Security
Integrations

Reports

Network Diagram
Pentest Report
Security Whitepaper

Self-Assessments

CAIQ
CAIQ Lite
HECVAT Full

Data Security

Access Monitoring
Backups Enabled
Data Erasure

App Security

Responsible Disclosure
Code Analysis
Software Development Lifecycle

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
BC/DR
Infrastructure Security

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Firewall
IDS/IPS
Spoofing Protection

Corporate Security

Asset Management Practices
Email Protection
Employee Training

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy

Security Grades

ImmuniWeb (Kandji Web Application): A
Qualys SSL Labs (Kandji Web Application): A+
Security Headers (Kandji Web Application): A

Trust Center Updates

Kandji's response to CVE-2023-38545 (curl SOCKS5 heap buffer overflow)

Incidents

The Kandji Security team has investigated and continues to monitor the curl security advisory CVE-2023-38545 (curl SOCKS5 heap buffer overflow), disclosed on 11 October 2023.

Kandji has assessed the risk of CVE-2023-38545 (curl SOCKS5 heap buffer overflow) using our internal processes and has determined that the vulnerability does not create a vector for exploitation in Kandji's infrastructure. Because there is no vector for exploitation, Kandji will apply updates through our regular update process rather than through an expedited process.

The SOCKS5 protocol is not in use in Kandji's infrastructure, and Kandji has no clients or services that communicate with non-Kandji infrastructure using SOCKS5.

CVE-2023-38545 only presents an attack surface in very specific use cases: when libcurl is used with the SOCKS5 protocol, or when the curl CLI tool is used with SOCKS5 and the --limit-rate command-line option is set to one of a set of specific non-default values.

As this attack surface is not present in Kandji infrastructure, Kandji infrastructure is not vulnerable to this attack.

Kandji consulted the following technical resources while assessing this risk:

Published at N/A*

Kandji's response to OpenSSL vulnerability CVE-2022-3786 (X.509 certificate validation stack buffer overflow)

Incidents

The Kandji Security team has investigated and continues to monitor the OpenSSL Security Advisory dated 01 November 2022.

OpenSSL is the open-source cryptographic library most commonly used by web applications for secure data transfer. Websites often use OpenSSL to enable Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption.

On Tuesday, November 1st, the OpenSSL Team released a security advisory about a newly discovered vulnerability in the OpenSSL library that could affect the security of the operating systems and applications provided by several popular vendors.

The OpenSSL team provided the following overview of the vulnerability:

“An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution depending on stack layout for any given platform/compiler [CVE-2022-3602],” the OpenSSL Project explained in its changelog for version 3.0.7. An attacker can exploit CVE-2022-3786 just by creating a malicious email address to “overflow an arbitrary number of bytes containing the . character (decimal 46) on the stack.”

Based on the statements from the OpenSSL team, the attack can be performed in one of two ways: a vulnerable TLS client connects to a malicious server, or a vulnerable TLS server (web server, API endpoint, etc.) requests client authentication and a malicious client connects to it.

The OpenSSL team has not detected any exploitation of these vulnerabilities in the wild. Because OpenSSL is so widely used, the potential magnitude of this vulnerability could have major implications for organizations of all sizes and industries, hence the urgency to patch and update systems.

As soon as Kandji learned of this vulnerability, we promptly evaluated the Kandji SaaS (Software-as-a-Service) platform, the Kandji Self Service app, and all supporting systems to determine what might be impacted, and methodically set about remediating any exposure.

The Kandji Engineering and Security teams have determined that the Kandji product does not use the affected versions of OpenSSL. As Kandji does not use the affected versions of OpenSSL, Kandji is not impacted by the OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786.

Kandji continues to monitor the situation and does not expect to be impacted by any further developments or discoveries related to the OpenSSL issue.

Published at N/A*

If you think you may have discovered a vulnerability, please send us a note.
