9.3.0 Hotfixes

The following is a list of hotfixes for SecureAuth IdP version 9.3.0.

Release No. | Release Date | Ref ID | Issue

9.3.0-18 | 17-Jun-2020

EE-1762

Adaptive Authentication Licensing – The Adaptive Authentication settings were not displaying the correct license information.

Install this hotfix if you have: 

  • Adaptive Authentication rules enabled in the Adaptive Authentication tab
9.3.0-17 | 05-Jun-2020

EE-1644

Security Fix – Implemented additional input validation to prevent double curly brackets ( {{ or }} ) in form input fields, including the UserID field.

CVSS Score: 2.0

This hotfix is required for all customers on SecureAuth IdP version 9.3 to ensure the security of the appliance.

EE-1680

Debug Log Cleanup – Debug logs required changes.

This hotfix is required for all 9.3 appliances.

EE-1745

Chrome 404 Error on Manage Accounts Page – Chrome would give users a 404 error on the Manage Accounts (help desk) page if the page timed out and the user logged back in, whereas other browsers would redirect them back to the page after authentication.

Install this hotfix if you have:

  • Manage Accounts page configured in the Post Authentication tab
  • Users employing Chrome browser
9.3.0-16 | 04-Feb-2020

EE-1426

Content and Localization Spacing Issue – Resolves an issue in which customizations that include leading spaces displayed as expected until Content and Localization was edited at a later point, at which time the spacing was removed.

Install this hotfix if you have:

  • Changes in the Content and Localization
EE-1432

SAML Request Signature Validation – In certain SAML workflows, signature validation was not successful.

Install this hotfix if you have:

  • SAML applications configured in the Application Manager
  • SAML applications configured in the Post Authentication tab
EE-1519

SameSite Cookie attribute support – Required for compatibility with Google Chrome 80. 

This hotfix is required for all 9.3 appliances.

Ensure that the Microsoft .NET patch is applied prior to installing this hotfix. Read https://support.secureauth.com/hc/en-us/articles/360038330652 for more information.

EE-1530

Help Desk Page Input Requirements – Resolves issue on the Help Desk client-side page, where some fields were acting as required to update the user profile even though they were configured to be “Show Disabled”.

Install this hotfix if you have:

  • Help Desk / Manage Accounts page configured in the Post Authentication tab with group restrictions on the Data tab
EE-1540

OIDC Workflow Wipes KBAs – After authenticating in an OIDC workflow with consent storage, users’ knowledge-based answers are no longer deleted from their profile.

Install this hotfix if you have:

  • OIDC workflows with consent storage configured in the Post Authentication tab
  • Knowledge-based questions and answers enabled as an authentication method in the Multi-Factor Methods tab
EE-1564

Inline Password Reset Issue – Resolves issue with using the 2016 Light Theme, where the Inline Password Reset function was not working as expected for all use cases.

Install this hotfix if you have:

  • Inline Password Reset enabled in the Password Settings of the Workflow tab
EE-1576

Inline Password Reset Forced Updates – Resolves issue in which users were being forced to update their password even though their password had not yet expired.

Install this hotfix if you have:

  • Inline Password Reset enabled in the Password Settings of the Workflow tab
9.3.0-15 | 20-Dec-2019

EE-1373

IP Evaluation Update – The IP Eval service now uses the appropriate IP address for WS-Trust requests when using a load balancer.

Install this hotfix if you have:

  • IP address evaluation enabled in Adaptive Auth in the Policy OR in the Adaptive Authentication tab
  • WS-Trust integrations
EE-1388

API Password Reset – IdM API password reset did not always work if the user account was locked.

Install this hotfix if you have:

  • Password Reset IdM API endpoint enabled in the API tab
EE-1391

Updates to Secure Storage – Updates made to Secure Storage to avoid corruption.

This hotfix is required for all 9.3.0 appliances.

9.3.0-14 | 09-Dec-2019

EE-1217

Updates to Audit Logging for OIDC – Audit Logging updated for OIDC workflows to provide more clarity.

Install this hotfix if you have:

  • OIDC integrations
EE-1422

Adaptive Auth API Response Updates – Resolved issue when using the Authentication API for adaptive authentication calls; not all actions were available to enable the desired workflow.

Install this hotfix if you have:

  • Authentication API enabled in the API tab
  • Adaptive Authentication rules enabled and used via the API

EE-1434

Yubikey Enrollment with Proxy – Resolved issue in which Yubikey enrollments were not honoring the proxy settings configured in the realm, which led to user verification failures.

Install this hotfix if you have:

  • Yubikey enrollment configured as a Begin Site in the Workflow tab
  • Proxy settings configured in the System Info tab
  • SecureAuth IdP appliance that can only reach the api.yubico.com endpoints via configured proxy
EE-1442

Help Desk Verification Unmasking – When typing in the help desk verification answer on the Self-service Account Update page, there is now an option to “unmask” the answer, as there is with knowledge-based answers.

Install this hotfix if you have:

  • Help Desk Verification enabled as an option for the Self-service Account Update page
EE-1455

Enhancements to User Risk Logging – Enhancements were made to logging for user risk information gathered during adaptive authentication, to provide more clarity.

Install this hotfix if you have:

  • User Risk enabled in a Policy OR
  • User Risk enabled in the Adaptive Authentication tab
EE-1475

Web.config Updates for SISU – Web.config updates required for SISU to work properly.

Install this hotfix if you have:

  • Attempted to set up a 9.3 version of SecureAuth IdP on a 19.07 image
9.3.0-13 | 29-Oct-2019

EE-1355

Last Access Time Issue – For device enrollments (Authenticate app), resolves an issue in which an enrollment was not replaced when the end user reached the maximum number of enrollments allowed.

Install this hotfix if you have:

  • End users employing Authenticate app for multi-factor authentication (MFA)
  • Defined maximum number of device enrollments allowed per end user
  • "Replace by Last Access Time" enabled for device enrollments 
EE-1363

Support for AssertionConsumerServiceIndex (SAML) – SecureAuth IdP now supports AssertionConsumerServiceIndex for SAML integrations.

Install this hotfix if you have:

  • SAML integrations that require AssertionConsumerServiceIndex instead of AssertionConsumerServiceURL, for example: Cisco Jabber

For instructions about applying the hotfix for this feature, see SAML integrations using AssertionConsumerServiceIndex hotfix

9.3.0-11 | 11-Sep-2019

EE-1206

TRX Performance Issue – When there is latency reaching the SecureAuth TRX cloud endpoint, it no longer causes application latency, which would impact user login performance.

This hotfix is required for all 9.3 appliances.

EE-1357

mS-DS-ConsistencyGUID Support for Office 365 Integration – The mS-DS-ConsistencyGUID attribute is now supported by SecureAuth IdP to be used as the ImmutableID value for integrations with Office 365.

Install this hotfix if you have:

  • Integration with Office 365
  • Issues using objectGUID as the ImmutableID
EE-1365

Enhance Device Recognition Logging – Device Recognition logging was enhanced to make the results of the analysis clearer. 

Install this hotfix if you have:

  • Realms that use Device / Browser Fingerprinting as the Client Side Control (Workflow configuration)
EE-1367

Geo-velocity Cloud Communications Error – When comparing previous and current IP addresses, some logins were generating an “unavailable” result.

Install this hotfix if you have:

  • Geo-velocity enabled as an Adaptive Authentication step
9.3.0-10 | 06-Sep-2019

EE-1354

Symbol-to-Accept API Support – The Symbol-to-Accept MFA method is now supported in the Authentication API.

Install this hotfix if you have:

  • Enabled Authentication API in the API tab
  • Users employing the Authenticate mobile app for authentication
  • Symbol-to-Accept enabled as an authentication method
9.3.0-9 | 13-Aug-2019

EE-1305

QR Code Enrollment False Error – The hotfix resolves an issue where the QR Code App Enrollment page was inaccurately displaying an error (“Invalid Code. Please try again.”), despite successful enrollment. This was caused by double-clicking before the page finished loading.

Install this hotfix if you have:

  • SecureAuth App Enrollment (QR Code) configured in the Post Authentication tab
  • and 2016 Light Theme selected in the Overview tab of the enrollment realm
EE-1315

Arbitrary File Upload Vulnerability – An authenticated privileged user can no longer upload arbitrary file types.

CVSS Score: 8.4
NOTE: This vulnerability applies ONLY to the Web Admin application.

This hotfix is required for all customers on SecureAuth IdP version 9.3 to ensure the security of the appliance.

EE-1326

Authentication API Updates for User Risk – When using the Authentication API for adaptive authentication, the User Risk feature is now effectively accessed during analysis.

Install this hotfix if you have:

  • Authentication API enabled in the API tab
  • and (same realm) User Risk enabled in the Adaptive Authentication tab
EE-1329

OATH Token JSON Encryption Issue – Data is now correctly read when JSON encryption is selected as the OATH Token Data Format method.

Install this hotfix if you have:

  • JSON selected as the Data Format in the Profile Fields section of the Data tab for OATH Tokens
  • Time-based Passcodes (OATH Tokens) enabled as an MFA method for users in the Multi-Factor Methods tab
  • Users employing SecureAuth Authenticate app or third-party TOTP applications for MFA
9.3.0-8 | 26-Jul-2019

EE-1282

Password Throttling Count Issue – The saved count for Password Throttling now effectively clears the bad password attempts to make way for the valid password entries.

Install this hotfix if you have:

  • Password Throttling enabled and configured in the Workflow tab
EE-1273

Logging Updates – Adaptive Authentication logging now correctly writes actual parameters instead of dictionary lines for certain requests.

Install this hotfix if you have:

  • Adaptive Authentication rules enabled in the Adaptive Authentication tab
  • Logging enabled (Logs tab) in realms where Adaptive Authentication is in use
9.3.0-7 | 26-Jun-2019

EE-1220

New userAccountControl Values – SecureAuth IdP now has the most up-to-date userAccountControl values to ensure that certain account statuses are handled appropriately in transactions between LDAP providers and SecureAuth IdP.

Install this hotfix if you have:

  • LDAP directory integrations such as Active Directory (AD) and so on
  • Help Desk functionality to manage LDAP user accounts by means of SecureAuth IdP
9.3.0-6 | 05-Jun-2019

EE-1225

Mobile Cookie Name – Mobile cookies that include spaces in the name now process correctly.

Install this hotfix if you have:

  • Realms using Mobile Enrollment and Validation as the Integration Method (Workflow configuration)
9.3.0-5 | 21-May-2019

EE-1186

App Enrollment Maintenance – App enrollments that users made on previous versions of SecureAuth IdP work correctly after the upgrade.

9.3.0-4 | 10-May-2019

EE-1073

Password Reset LDAP Issue – Administrative Password Reset with History Check functionality now works with LDAP containing protocol requirements.

EE-1082

Authentication API Parity – The Yubico OTP option is now available to use via the API and also supported through browser workflow.

EE-1149

Passcode Registration Screen – When using the Default theme, the SecureAuth Passcode registration screen now works correctly.

EE-1167

Incorrect SMS MFA Option – When users select the SMS OTP option, they no longer randomly receive an incorrect Link to Accept message.

EE-1182

Begin Site Redirect Encoding – Begin site redirect no longer double-encodes the request query, which had caused the realm to break and the workflow to halt.
9.3.0-3 | 12-Apr-2019

EE-1075

Data Parsing in SAML Attribute – Data is now correctly parsed when sent in a SAML attribute.

EE-1124

OIDC Claim Issue – Sub claim is now present when updates are made to the library.

EE-1089

Application API Proxy Support – Calls made through the Application API now correctly honor proxy settings.

EE-1120

URL Encoding Updates – Updates to URL encoding to ensure security.

EE-1131

Device Fingerprint Space Issue – The Device Fingerprint cookie name now parses correctly if a space is present in the generated cookie name.

EE-1067

Logging Updates – Updates to SecureAuth IdP logs to ensure security.

9.3.0-2 | 14-Mar-2019

EE-1049

Auto-encrypt Tools Issue – Issue resolved in which auto-encrypting the web.config caused SecureAuth tools to work ineffectively.

EE-1088

SecureAuth IdP Requirements for Login for Windows – Changes made to accommodate AD user check issues addressed in Login for Windows v1.0.4.

9.3.0-1 | 20-Feb-2019

EE-1030

Google Social ID Login – Modifications made to support Google API updates for Social ID login.

EE-1049

Auto-encrypt Tools Issue – Issue resolved in which auto-encrypting the web.config caused SecureAuth tools to not function effectively.

EE-1056

Web Admin UI Updates – Updates made to the Adaptive Authentication UI reflect supported features.

EE-1067

Logging Updates – Enhancements made to logging ensure greater security.

Affected SecureAuth IdP Version: 9.3

Support Information: Contact SecureAuth Support (support.secureauth.com, support@secureauth.com, or 1-866-859-1526) to have the latest hotfix installed on your SecureAuth IdP v9.3.x appliance.
