By now everyone has likely come across the recent log4j exploit called "log4shell", recorded as CVE-2021-44228. Later, two more vulnerabilities were discovered, CVE-2021-45046 and CVE-2021-45105. We wanted to share our findings and recommended immediate remediation steps. We will update this post as new information becomes available.

Recently we faced an "interesting" problem: We received seemingly random reports for failing logins to our customer's website. Only after a lot of experimenting we could narrow the problem down to specific mobile devices. This forced us to go a level deeper and investigate the problem on the protocol level.