Release date: 7 April 2022
An issue was fixed that would allow an attacker with privileged access to a robot to retrieve the LicenseKey (MachineKey) of other robots within the same tenant by brute forcing API calls to Orchestrator. This would theoretically allow the attacker to access resources restricted only to that robot.
Read the security advisory for UiPath - Robot Account Takeover.
Updated 11 months ago