Trust Center

Get access to this Trust Center
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

Welcome to Kandji's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Compliance

CCPA Logo
CCPA
GDPR Logo
GDPR
SOC 2 Logo
SOC 2
Get access to this Trust Center
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Documents

All
Public
Private
Security Whitepaper
SOC 2
CAIQ
CAIQ Lite
Kandji Migration Guide
Network Diagram
Other Reports
Pentest Report
SOC 2 Report
HECVAT Full
Cyber Insurance
Risk Management Policy

Risk Profile

Data Access LevelInternal
Impact LevelModerate
Third Party DependenceYes
See more

Product Security

Audit Logging
Data Security
Integrations
See more

Reports

Network Diagram
Other Reports
Pentest Report
See more

Self-Assessments

CAIQ
CAIQ Lite
HECVAT Full
See more

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Responsible Disclosure
Code Analysis
Software Development Lifecycle
See more

Legal

SubprocessorsAmazonHubSpotCloudflareMailgunMaze
Cyber Insurance
Data Processing Agreement
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
BC/DR
Infrastructure Security
See more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Firewall
IDS/IPS
Spoofing Protection
See more

Corporate Security

Asset Management Practices
Email Protection
Employee Training
See more

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
See more

Security Grades

ImmuniWeb
Kandji Web Application
A
Qualys SSL Labs
Kandji Web Application
A+
Security Headers
Kandji Web Application
A

Trust Center Updates

Kandji's Response to OpenSSL

IncidentsCopy link

The Kandji Security team has investigated and continues to monitor the OpenSSL Security Advisory dated: [01 November 2022]. OpenSSL is an open-source library that is the most commonly used in web applications for secure data transfers. Websites often use OpenSSL to enable Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption.

On Tuesday, November 1st the OpenSSL Team released a security advisory about a newly discovered vulnerability within the openssl library which could affect the security of the operating systems and applications provided by several popular vendors.

The OpenSSL team provided the following overview of the vulnerability:

“An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution depending on stack layout for any given platform/compiler, [CVE-2022-3602]” the OpenSSL Project explained in its changelog version 3.0.7. An attacker can exploit CVE-2022-3786 just by creating a malicious email address to “overflow an arbitrary number of bytes containing the . character (decimal 46) on the stack.”

Based on the statements from the OpenSSL team: To perform the attack, an attacker must either expose a TLS client to a malicious server. Conversely, in a vulnerable TLS server (web server, api endpoint, etc), this can be triggered if the server requests client authentication and a malicious client connects.

The OpenSSL team has not detected any incident of exploiting one of these vulnerabilities in the wild. Due to OpenSSL being so widely used, the potential magnitude of this vulnerability could have major implications for organizations spanning all sizes and industries, hence the urgency to patch and update systems.

As soon as Kandji learned of this vulnerability, we promptly evaluated the Kandji SaaS (Software-As-A-Service) platform, the Kandji Self Service App, and also all supporting systems to determine what might be impacted and methodically set about remediating any exposure.

It has been determined by Kandji Engineering and Security teams that the Kandji product does not utilize the affected versions of OpenSSL. As Kandji does not use the affected versions of OpenSSL , Kandji is not impacted by the openssl vulnerabilities: (CVE-2022-3602 and CVE-2022-3786).

Kandji continues to monitor the situation and does not expect to be impacted by any further developments or discoveries related to the OpenSSL issue.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Report Issue
Powered BySafeBase Logo