IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace Order Management (OnPrem & OMoC)
Created by Guest
Created on Aug 22, 2023

RELATED IDEAS

Add captcha for IBM WSC OrderHub portal for additional security

Problem Statement - Brute-force attack/Reverse brute-force attack issues in the Order Hub console reported by security team.

Description - When the attacker gets a hold of either username or password by some means, they can systematically check for all the possible combinations until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. In a reverse brute-force attack, a single (usually common) password is tested against multiple usernames or encrypted files. The process may be repeated for a select few passwords. In such a strategy, the attacker is not targeting a specific user.

Solution: Integrating captcha or MFA for additional security

What is your industry? Consumer Products
How will this idea be used?

If captcha is implemented, it can prevent auto bots from performing brute/reverse brute force attacks if the attacker gets a hold of username or password. With the current implementation of using just username/password to access the console, it poses a security risk. In the times, when almost most of the enterprise applications use captcha or employ MFA to prevent such risks, it's necessary to be in line with the security threats that could be prevented in the near future.

  • Admin
    Bharat Khade
    Oct 19, 2023

    Hi Suraj, Please check this. IDp/Single sign on option is now available for OH. For WSC, please check with support.

    https://www.ibm.com/docs/en/order-management-sw/10.0?topic=hub-setting-up-federated-login-order10:54


    https://www.ibm.com/docs/en/order-management?topic=new-in-order-hub

    thanks,

    Bharat K

    Reply
  • Guest
    Sep 26, 2023

    Hi @Bharat, The product provides SSO feature for Call center, application console, SBC and other modules.

    May I know when the Single Sign-on support for WSC & OrderHub will be available? Can you share the timeline?

    Reply
  • Admin
    Bharat Khade
    Sep 7, 2023

    Hi Suraj, IDP integration feature (mechanism) is getting developed and tentatively planned to be released in Q3 23. Keep checking the release updates and plan for your side of integration with third party IDP to introduce captcha.

    Reply
  • Admin
    Bharat Khade
    Aug 31, 2023

    Hi Suraj, Captcha feature is not the direct OMS product feature but the IDP feature. You need to work with Identity provider company if they provide CAPTCHA feature and integrate WSC, OrderHub with them.



    Reply
  • Guest
    Aug 25, 2023

    By using Burp's Intruder tool to automatically send several requests in a row, the testing team sent 101 requests to the *POST https://acc.omnihub.3stripes.net/wsc/store/processLogin.do* endpoint to brute-force the user's password in an automated way.

    Reply

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.