CVE-2023-44487 – HTTP/2 Rapid Reset Attack and the Halo Hosted Platform
The Vulnerability: The official statement from NIST is available HERE. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. How this affects Halo: This vulnerability exists in the HTTP/2 protocol and is not specific to […]
CVE-2024-6200 – Stored Cross-Site Scripting in Tickets
General Information: This article contains frequently asked questions relating to the stored cross-site scripting vulnerability affecting Halo versions up to 2.143.6. Users with permission to open tickets may embed malicious JavaScript code into them that, when accessed by another user, executes within the context of that user. Are hosted Halo instances affected? Hosted customers […]
CORS Policy on Halo API
By default, the CORS policy on all Halo web apps is a wildcard that allows all origins. To enable a stricter CORS policy that blocks requests from other origins, follow the steps below. In appsettings.json in the API and Auth Server, add "UseCorsPolicy": true. Also, add "CorsWhiteList" as an array of strings. Enter the hostname of each […]
CVE-2023-4863
The issue is resolved as of version 2.170.1; see Update 31/10/2024 for more information. General Information: This article contains frequently asked questions relating to the heap buffer overflow vulnerability affecting libwebp. On September 11, 2023, Google published a stable channel update to address the vulnerability with libwebp and assigned CVE-2023-4863 to track this vulnerability. libwebp […]
Rolling back versions v2.45 and above to versions below v2.45
A change has been made to NHD_Roleclaims and NHD_Userclaims where the asset claims have values up to 3 rather than 2. This means that when rolling back, any claims relating to assets that have a value of 3 in either of these tables need to be dropped down to 2. Run the following 2 queries: Update NHD_roleclaims set […]
Setting up Two Factor Authentication
Two-factor Authentication: how to use and implement it. Agents in Halo can use 2FA (Two Factor Authentication) to secure their account for any reason seen fit. This could be for data protection, security whilst out and about using Halo on mobile or a laptop, or if you have staff using Halo in a public-facing […]