CVE-2023-24468: Advanced Authentication 6.4 Service Pack 1 Patch 1 Release Notes

Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2


March 2023

Advanced Authentication 6.4 Service Pack 1 Patch 1 includes enhancements and resolves several previous issues.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Advanced Authentication forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources. You can also post or vote for enhancement ideas in the Ideas forum.

For more information about this release and the latest release notes, see the NetIQ Advanced Authentication Documentation page.

If you have suggestions for documentation improvements, click at the bottom of the specific page in the HTML version of the documentation posted at the NetIQ Advanced Authentication Documentation page.

1.0 What’s New?

Advanced Authentication 6.4 Service Pack 1 Patch 1 provides the following:

  • Enhancements

  • Security Improvement

1.1 Enhancements

Advanced Authentication 6.4 Service Pack 1 Patch 1 includes the following enhancements:

  • FIDO2 Improvements

  • Ability to Add Twilio Subaccounts in the SMS Sender Policy

  • An Option to Allow Third-Party Service Providers to Select the Chain for Any Client

FIDO2 Improvements

The following enhancements have been added to the FIDO2 method:

  • Ability to Enroll Resident Credentials

    The administrator can allow users to enroll the FIDO2 method and store the Resident Credentials (security key) on a FIDO2-compliant device such as a YubiKey. With Resident Credentials, users get a seamless login without specifying their username and password.

  • Username-less Login Support

    Advanced Authentication extends the FIDO2 method to support username-less authentication for Web Authentication events. The enrolled FIDO2 card contains the username. When the user taps the card, the username is filled in the respective field automatically. To configure username-less authentication, three options have been introduced in the FIDO2 method.

  • Ability to Disable the PIN Prompt

    Advanced Authentication allows the administrator to mandate or hide the PIN prompt when users enroll, test, and authenticate with the FIDO2 method.

    For more information, see FIDO2 in the Advanced Authentication - Administration guide.

Ability to Add Twilio Subaccounts in the SMS Sender Policy

This release provides the ability to add subaccounts of a Twilio parent account. With subaccounts, you can add country codes based on the geographic location of the customers (SMS receivers). Subaccounts separate usage by team, customer, or product, provide clear billing data, and allow resource (phone number) mapping.

For more information, see SMS Sender in the Advanced Authentication - Administration guide.

An Option to Allow Third-Party Service Providers to Select the Chain for Any Client

This release introduces a policy option that allows third-party service providers to select a preferred chain for any client, such as the Windows Client, Mac OS X Client, and Linux PAM Client workstations, and to route users to the selected chain during authentication.

For more information, see Enabling the Client Chain Selection in the Advanced Authentication - Administration guide.

1.2 Security Improvement

Advanced Authentication 6.4 Service Pack 1 Patch 1 release addresses CVE-2023-24468.

2.0 Resolved Issues

This release includes the following software fixes:

| Component | Description |
|---|---|
| Administration | When a user sets to in the policy, then the list in the does not display all the available chains. |
| Administration | On the , enrollment of the U2F method fails on the following browsers: Google Chrome, Microsoft Edge, Mozilla Firefox. |
| Administration | The option is modified to in the policy. |
| Administration | The option is modified to in the method. |
| Smartphone | When a user tries to authenticate with the method, a prompt to specify the PIN (User Verification) is not displayed on Android devices. |
| Smartphone | When a user attempts to authenticate with the NetIQ Advanced Authentication iOS smartphone application by using facial recognition, the application does not identify the face and prompts the user to re-authenticate, so users experience an infinite authentication loop. |
| Smartphone | When a user sets the option to in the NetIQ Advanced Authentication iOS smartphone application settings for face recognition authentication, the user is later unable to set the option to . |
| Smartphone | When a user sets the smartphone language to Arabic, the NetIQ Advanced Authentication iOS smartphone application stops working. |
| Windows Client | While connecting to the remote desktop on the Windows Client, the Advanced Authentication Credential Provider does not display the chains that require Device Service for elevated access. |

3.0 Upgrading

You can directly upgrade to Advanced Authentication 6.4 Service Pack 1 Patch 1 from 6.4.1.

_NOTE:_ The following is the recommended upgrade sequence:

  1. Advanced Authentication servers

  2. Plug-ins

  3. Client components

    Changing the upgrade sequence is not supported.

_NOTE:_ The RAM requirements of Advanced Authentication have been changed in 6.4 as follows:

  • Minimum: 8 GB per server.

  • Recommended: 12 GB per server.

Before upgrading your Advanced Authentication cluster to 6.4, ensure that the environment complies with the new requirements.

For more information, see Advanced Authentication System Requirements.

4.0 Known Issue

Advanced Authentication 6.4 Service Pack 1 Patch 1 has no known issues.

5.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email [email protected]. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

6.0 Legal Notice

© Copyright 2023 Micro Focus or one of its affiliates.

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are as may be set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

For additional information, such as certification-related notices and trademarks, see https://www.microfocus.com/en-us/legal.
