Hi,
There is an issue flagged by a customer. “Users can upload any file type by bypassing the Attachment Control. This issue has been flagged by our Information Security Team.”
Bypassing attachment control
Can you clarify what it means by “bypassing the attachment control”? The control itself does have properties to specify what file types are allowed, I’m assuming there was a way to get around whatever file types were configured there?
+1- Nintex Employee
Hi, the user is able to bypass the custom two-factor authentication mechanism by intercepting the request and manipulating the data to redirect to the main page.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.