KBI 311853 Potential Security Issue Where Argent AT Shares Are Accessible For Everyone By Default
Version
Argent Advanced Technology – All Versions
Date
Wednesday, 5 August 2020
Summary
The Argent AT setup program configures product shares for each installed product
The shares are mapped to the product’s home directory
For example, the share “ArgentGuardianUltra” is configured for Argent Guardian Ultra and mapped to X:\Argent\ArgentGuardianUltra
The shares are used for communication in the following scenarios:
- Argent Non-Stop motors exchange runtime information by reading from other motors’ shares
- The Client GUI reads startup information from the product shares on the server
By default, these shares are accessible by everyone
This could be a potential security issue in some network environments
For users who only install the central Argent AT Engine and do not use the client GUI, these shares can be safely removed
For users who use Argent Non-Stop Monitor and/or the Client GUI, the security can be tightened by making the shares only accessible by the Argent AT service account and whoever uses the GUI
Technical Background
N/A
Resolution
N/A