AuthLite Upgrade Advisory #1

Overview

On November 11, 2013, Collective Software discovered and fixed a potential information disclosure bug of moderate impact, that could ultimately be used to launch privilege escalation attacks against an affected AuthLite installation and its domain users. This issue can only impact customers who have AuthLite deployed in their Active Directory.

To eliminate the potential for information disclosure in your AuthLite deployment, every customer using AuthLite in their domain should take one of the following steps as soon as possible:

For AuthLite 2.0 users: Install version 2.0.33 or later from AuthLite.com.
For AuthLite 1.x users: Install version 1.2.28 or later from AuthLite.com.

If you require further details, or assistance with installing the upgrade, please open a Support Request from our Support page.

Common Questions and Answers

Should I upgrade from v1.x to version 2?

No, you should probably just update to the latest 1.2 build. Version 2 is a much more complex product and a proper upgrade requires a substantial amount of planning, configuration, and testing. We even offer professional services just to help with this. In short, it's not something to be undertaken lightly.

My Replay Windows stopped working after the update, what happened?

Thanks to a customer report we discovered a bug introduced in 2.0.30 that made previous replay window settings fail until they were re-saved in the configuration. We fixed this issue in 2.0.33. You could work around the issue by going into each replay window setting and re-applying the settings. Contact Support if you need assistance.