Home article search

Bypassing of two-factor authentication fixed

ESET Customer Advisory 2016-0016
October 18, 2016

Severity: Critical


ESET discovered an issue with ESET Secure Authentication which allowed bypassing two-factor authentication by following a certain scenario. ESET prepared a fixed build and released it for the affected users to download.


On October 14, 2016, ESET internally identified a bug and closely afterwards we were notified independently by a tester. The bug allowed bypassing the second step (the one-time password) of two-factor authentication in a Remote Desktop Protocol connection when using ESET Secure Authentication ESET promptly diagnosed the behavior and prepared a fixed build of ESET Secure Authentication, which was published on October 18, 2016.


A fixed build of ESET Secure Authentication is available for download from ESET’s website. We recommend updating to this version.

Affected products and versions

  • ESET Secure Authentication RDP component

Feedback & Support

If you have feedback or questions about this issue, please contact us using the ESET Security Forum, or via local ESET Support.

Version log

Version 1.0 (October 18, 2016): Initial version of this document

Was this information helpful?