Understanding the Risks and Mitigations of dylib Hijacking in macOS FileMaker Pro CVE-2023-42920 Source: https://fm-security.com/posts/dylib/ CVE macOS FileMaker Pro CVE-2023-42920 Menu Introduction The dylib hijacking vulnerability for macOS is well known and studied. But from a FileMaker developer’s point of view, I have not seen any analysis of this problem. I will begin a little bit from afar. Embedding into someone else’s
Decoding the fmp12 File Format: A Deep Dive into Passwords and Account Security Source: https://davidhamann.de/2024/06/17/how-does-filemaker-store-passwords/ Introduction On This Page I had been planning for a while to dive deeper into the fmp12 file format to explore how data is organized and how accounts and passwords are stored. A few months ago, I finally found the
Unlocking the Secrets of the FileMaker Server Keystore: A Cryptographic Exploration Source: https://davidhamann.de/2023/05/29/deciphering-the-filemaker-keystore/ Introduction On This Page While checking out how the FileMaker Pro to Server upload feature worked, I noticed that credentials were encrypted using a RSA public key before being sent to the server. I looked into FileMaker Server’s installation directory and found that
Uncovering XXE Vulnerabilities in FileMaker’s XML Parsing Source: https://davidhamann.de/2021/11/18/filemaker-xxe-vulnerability/ CVE FileMaker Pro CVE-2021-44147 A couple of months ago I looked more deeply into the “Import Records” functionality in FileMaker, especially the XML parsing, and was wondering if any XXE vulnerability may exist and how one could exploit this in technically interesting ways. The vulnerability is/was indeed there
Troubleshooting FileMaker Database Encryption Issues Source: https://davidhamann.de/2018/08/19/fix-error-853-when-encrypting-filemaker-databases/ Have you ever gotten the following error after trying to encrypt your FileMaker databases? Error 853 refers to One or more containers failed to transfer in the error code listing and herein usually lies the problem. When you encrypt your database, make sure to place the existing external container data into the