Bypassing of two-factor authentication fixed
ESET Customer Advisory 2016-0016
October 18, 2016
ESET discovered an issue with ESET Secure Authentication which allowed bypassing two-factor authentication by following a certain scenario. ESET prepared a fixed build and released it for the affected users to download.
On October 14, 2016, ESET internally identified a bug and closely afterwards we were notified independently by a tester. The bug allowed bypassing the second step (the one-time password) of two-factor authentication in a Remote Desktop Protocol connection when using ESET Secure Authentication 22.214.171.124. ESET promptly diagnosed the behavior and prepared a fixed build of ESET Secure Authentication 126.96.36.199, which was published on October 18, 2016.
Affected products and versions
- ESET Secure Authentication RDP component 188.8.131.52
Feedback & Support
Version 1.0 (October 18, 2016): Initial version of this document