AuthLite Upgrade Advisory #6
On September 26, 2016, AuthLite LLC corrected a defect introduced in AuthLite version 2.1.21 which caused AuthLite to be unable to read the command-line arguments of logon processes. This could have affected the enforcement of the Forced 2-factor Processes list, and also anyone who relied on the built-in enforcement of the Network Policy Server plugin to block 1-factor AuthLite users.
This issue is fixed in v2.1.24. Instructions are included below on how to check and upgrade your installed version.
Affected AuthLite Versions
- AuthLite version 1.x and 2.0: not affected.
- AuthLite version 2.1.0-2.1.20: not affected.
- AuthLite version 2.1.21-2.1.23: is affected, please see below for update instructions.
What Should I Do?
You can eliminate this issue by performing the following actions on each system where AuthLite is installed on an NPS server, or a system that has items defined in the "Forced 2-factor Processes" list:
Install an updated AuthLite version on each system
- Upgrade the software to 2.1.24 or later, from AuthLite.com
- Reboot the system to load the new version.
Common Questions and Answers
What is my exposure?
If you run an affected version on a system that uses the Forced 2-factor Processes list, or the Network Policy Server plugin, AuthLite enforcement may not be working completely as you expect. Please upgrade to the new version and then test your authentication use cases to ensure that 1-factor logins are blocked as you expect, and 2-factor logins work as you expect.
Should I upgrade if I am not affected?
If you are on version 1.2, stay there unless you have consulted with our support staff. Version 2 is a much more complex product and a proper upgrade requires a substantial amount of planning, configuration, and testing. We offer professional services just to help with this. In short, it's not something to be undertaken lightly.
If you are on version 2.0, you may wish to move to the newest 2.0 build. You can upgrade to version 2.1 at your discretion, but as of this article there are no compelling reasons to do so. Be advised that version 2.1 has a new minimum .NET framework version of 4.0.
Where do I have to install the update??
Install the updated software on all systems where AuthLite is installed on an NPS server, or a system that has items defined in the "Forced 2-factor Processes" list.
I need help with this, what should I do?
If you require further details, or assistance with installing the update, please open a Support Request from our Support page and reference Upgrade Advisory #6