Security Advisories

Introduction

This page contains information about vulnerabilities discovered in Admin By Request, either specifically to our product or to third party components.

We urge customers to update versions in a timely manner.

We also urge customers to report a vulnerability, should they find one.

If you believe you have found a vulnerability in an Admin By Request product, please send us an email at security@adminbyrequest.com containing the following information:

Full contact information
Which product and version you believe the vulnerability to be present in
A description on how to re-create the vulnerability (or a video showcasing the process)
If possible, a working proof-of-concept showing the exploit in effect.

Our security team will start the investigative process and get back to you with any questions, status updates etc.

In this section

ABR-WIN-26-01

Related FAQ

Are you fully GDPR compliant?

Yes. For more information on how Admin By Request meets its compliance obligations and helps your organization do the same, refer to Compliance Mapping.

Do I need to approve each time a user wants admin access?

You do not need to approve each time a user wants admin access. You can use a setting after sign-in to allow elevation without approval. In this case, you still get the benefits of auditing; who elevated, when, and an auditlog of installed software and executed applications.

In auto-approval mode, you can (and should) require the user to document a reason for administrator elevation, which you can later use to cross-reference actual activity. You can (and should) also enable the Code of Conduct message/screen that will appear just before the session starts. The Code of Conduct is a screen/message that is used to inform the end user of company policy and penalties for abusing administrator elevation.

Change this setting in the portal at Settings > [OS] Settings > Authorization > AUTHORIZATION.

How do I pre-approve an app using the Auditlog?

Admin By Request allows for quick pre-approval of trusted applications from the Auditlog. Pre-Approval is based on the application vendor or checksum, visible when the Application Control screen is displayed (step 3 below).

NOTE

At the time of writing, pre-approval from the Auditlog is not available for Linux clients.

Once an application has been installed on an endpoint with Admin By Request:

Log in to the portal and navigate to the application’s corresponding entry in the portal Auditlog.
Expand on the application entry, and select Pre-approve this file under Actions:
On the Application Control screen, modify any settings as required. For more information on pre-approval settings, refer to the Settings Table below.
Click Save verify that the app has been added to the list of pre-approved applications.

For example, the following applications are pre-approved:

How does Admin By Request pricing work?

Under the Free Plan, 25 workstation and 10 remote access clients are always free - you can start with those right now. For a Paid Plan, it depends how many clients you need and which types they are (i.e. server or workstation). Please use the quote form here and we will return a quote today.

For more information, refer to Licensing.

How is data transferred to the cloud service?

This is fully explained in How We Handle Your Data. Please also refer to our SLA in the Trust Center.

For more information on how Admin By Request meets its compliance obligations and helps your organization do the same, refer to Compliance Mapping.

How would I setup an external auditor?

You can create a portal user account that can see only the auditlog and, optionally, the inventory. No other data will be visible.

What regulatory frameworks do you support?

Admin By Request can help you comply with a number of regulatory frameworks, including GDPR, ISO 27001, NIST SP 800-53, DORA and NIS2. We continually assess frameworks for compatibility and use their requirements as one of the inputs to our development process.

Refer to Compliance Mapping for more information.