ESET Customer Advisory 2016-0016
October 18, 2016
Severity: Critical
Summary
ESET discovered an issue in ESET Secure Authentication that allowed two-factor authentication to be bypassed in a specific scenario. ESET prepared a fixed build and released it for affected users to download.
Details
On October 14, 2016, ESET internally identified a bug, and shortly afterwards a tester independently notified us of it. The bug allowed the second step of two-factor authentication (the one-time password) to be bypassed in a Remote Desktop Protocol connection when using ESET Secure Authentication 2.5.22.0. ESET promptly diagnosed the behavior and prepared a fixed build, ESET Secure Authentication 2.5.23.0, which was published on October 18, 2016.
Solution
A fixed build of ESET Secure Authentication 2.5.23.0 is available for download from ESET’s website. We recommend updating to this version.
Affected products and versions
- ESET Secure Authentication RDP component 2.5.22.0
Feedback & Support
If you have feedback or questions about this issue, please contact us using the ESET Security Forum, or via local ESET Support.
Version log
Version 1.0 (October 18, 2016): Initial version of this document