ADSS GINA agent records password in clear text in log file.
Recently I have configured GINA with VPN configuration. While testing I noticed ADSelfServicePlus Client Software has saved my password in clear text in its log file. When I checked with support I got reply that its normal behavior. This is very big security issue and can't be accepcted.
adselfserviceplus owa integration
hi. i'm testing adselfserviceplus and i'm trying to integrate with owa i'm at the start, where i need to replace data inside logon.aspx i'm not a coder, and some of the stuff in the manual is unclear maybe someone has a predefined logon.aspx to send me? i don't want to break anything in the original file by pasting wrong data in the wrong place.
How to fix the unauthenticated product integration vulnerability
Hello Everyone, We wanted to let you know that a security vulnerability was detected in ADSelfService Plus and we have fixed it. This article explains how you can fix this issue. What is the issue? ADSelfService Plus had a vulnerable endpoint which allowed a user to integrate ADSelfService Plus with any other supported ManageEngine product, bypassing authentication. Which version of ADSelfService Plus is affected? All ADSelfService Plus builds below 5817 are affected. What is the severity level of
ADSelfService Plus 5815 released with an important security fix
Hello Everyone, We have released a new build of ADSelfService Plus, 5815, which fixes a security vulnerability. Issue Fix: Security fix to ensure ADSelfService Plus is immune to unauthenticated remote code execution (RCE) vulnerability, which was reported by Pieter through our bug bounty program. [ CVE-2020-11518 ] New to ADSelfService Plus? Download the fully functional 30-day free trial now. Regards, ADSelfService Plus Team Toll Free: +1-84-245-1104 Direct: +1-408-916-9890 Email: support@adselfserviceplus.com
ADSelfService Plus 5817 released with an important security fix
Hello Everyone, We have released a new build of ADSelfService Plus, 5817, which fixes a security vulnerability. Issues Fixed : Fixed a vulnerability which allowed a user to enable integration with other supported ManageEngine products bypassing authentication [CVE-2020-24786] , which was reported by Florian Hauser. Issue in using Push Notification authentication for logging into ADSelfService Plus when TFA is enabled. How to update? A service pack for this build will be released soon. Stay tuned.
Customizing the main login screen?
When users get the first screen to either choose "Reset Password" or "Unlock Account", and that page be customized? It seems very bland.
ADSelfService Plus 5816 Release !!!
Hello Everyone! We are glad to announce the release of build 5816 with significant new features and enhancements. Features: Improved look and feel with flat UI: The ADSelfService Plus admin portal has been revamped with a sleeker and more streamlined flat user interface. Embed dashboard widgets: The dashboard graphs can be embedded in any web page using the HTML snippet provided. A URL is also provided to access the graph separately. Language customization: Personalize ADSelfService Plus by customizing
How to personalize diffrent language of portal
Hi, I wanna to set Arabic language for all user and customize English language for own user. What should I do? Thanks
Add Custom text in the Login Box
On the main login page I would like to add custom text near the word "Log In" how to do that?
Can I remove "Update Your Profile Efficiently" Options from the login screen?
Hi I have disabled the option for the users to self update but it still appears on the Self Service login screen, can I change the login screen to remove the option? Thanks Rich
[Webinar] Enhance user self-service experience with ADSelfService Plus
Hello, Telecommuting might add to an increase in the number of password-related tickets. How do you solve this? Attend our 'Password management best practices and security tips for remote employees' webinar on 9th April 2020, and learn to resolve the password management challenges. Register for the webinar You will learn about : 1. Password reset for remote employees 2. Password expiration notification for remote users 3. Web-based password changes for Active Directory 4. Tips for better password security
ADSelfService Plus 5810 Release
Hello folks! We are delighted to announce the release of 5809. Issue Fixed : Issue in AltGr key usage in the GINA login agent when ADSelfService Plus' end-user portal is configured in non-english display settings. New to ADSelfService Plus? Download the fully functional 30-day free trial now. Regards, ADSelfService Plus Team Toll Free: +1-84-245-1104 Direct: +1-408-916-9890 Email: support@adselfserviceplus.com
ADSelfService Plus 5814 Release
Hello folks! We are delighted to announce the release of 5814. Issue Fixes: Issue of unnecessary characters in SMS notifications when using the SMTP provider due to improper encoding type. Issue in generating the Enrollment Reports graph in the Dashboard tab. A vulnerability issue in the ADSelfService Plus login agent has been fixed. Issue of password reflection during password reset. Issue of a Cross-site Scripting vulnerability. New to ADSelfService Plus? Download the fully functional 30-day free
SMS missing
Hi I have the option to send users the code by email and today we config SMS and in the test works fine. Why when the users go to reset or unlock the account only the email options is show ? Regards
ADSelfService Plus 5813 Release
Hello folks! We are delighted to announce the release of 5813. Issue Fix: A security issue that arises when the 'User must change password at the next logon' option is enabled in Active Directory has been fixed. New to ADSelfService Plus? Download the fully functional 30-day free trial now. Regards, ADSelfService Plus Team Toll Free: +1-84-245-1104 Direct: +1-408-916-9890 Email: support@adselfserviceplus.com
Password complexity
Our current active directory environment allows for either/or of numbers and symbols. When configuring the password complexity in ADSelfServicePlus, I only have the option to add those 2 independently. So for example, I could set my password as Password1 in AD, but ADSelfServicePlus would then require me to set a password of Password1!. Thanks in advance! -Jared
SMS Config
I am custom configuration SMS and tested running but my problem starting now sms text comes united example: I am typing "change password". "changepassword" appears on the phone. I write in Turkish but the Turkish characters "ş Ş İ ı ö Ö ğ Ğ ç Ç" appear to be erroneous.
ADSelfService Plus 5812 Release
Hello folks! We are delighted to announce the release of 5812. Issue Fix: Issue in enforcing the default minimum password length (i.e, 7) when product technicians change their account passwords. New to ADSelfService Plus? Download the fully functional 30-day free trial now. Regards, ADSelfService Plus Team Toll Free: +1-84-245-1104 Direct: +1-408-916-9890 Email: support@adselfserviceplus.com
Admin login for self service
Hi There, In self service I have removed the option to login to the admin login on the default page. Now occasionally when I go into the admin page it goes to the normal login instead. So http://server:8888 works fine for general users though when going to http://server:8888/AdminLogin.cc it still defaults to the main page most of the time. Any ideas? Or is there a different url to try? Damon
ADSelfService Plus 5811 Release
Hello folks! We are delighted to announce the release of 5811. Feature : Block breached passwords: ADSelfService Plus now supports integration with 'Have I Been Pwned?', which prevents the use of breached passwords during password change or reset by users. New to ADSelfService Plus? Download the fully functional 30-day free trial now. Regards, ADSelfService Plus Team Toll Free: +1-84-245-1104 Direct: +1-408-916-9890 Email: support@adselfserviceplus.com
Error when using password reset without remembering the old one
Hi, After setting up ADSelfService Plus I'm running into the following error: If I log in with a test account and just reset the password there is no issue, but if I try and use the feature to reset a password without knowing the old one, I just get an error saying that the reset has been rejected. I'm pretty sure it was working a couple of days ago, but after adding a license file yesterday it haven't been working. I'm not sure if those two events are correlating?
[Free Online Training] Register now for our free ADSelfService Plus Online training series.
Hello, ManageEngine is back again with another series of online workshops to help you make the best use of our integrated password management and single sign-on solution- ADSelfService Plus. This free live online training will be your guide to eliminate password management troubles while helping you get a better hang of using the solution. The benefits don't just end here. By attending all the sessions in this series you can take up our MECPA certification test for free.
ADSelfService Plus 5809 Release
Hello folks! We are delighted to announce the release of 5809. Enhancement : Option to resend verification codes while authenticating user identities via SMS or email. Issue Fixes : Issue with updating the status of the GINA login agent installation via GPO in ADSelfService Plus. Issue in installing the macOS login agent for users when the domain admin password contains certain special characters such as the '!' and '.'. Issue which caused the open re-direct vulnerability has been fixed [ CVE-2019-18781
[ADSelfService Plus 5808 Release] - Endpoint MFA
Hello folks! We are delighted to announce the release of 5808. Highlight : Endpoint multi-factor authentication (MFA) : Add an extra layer of security to Linux logins, in addition to Windows and macOS, with any of the supported 14 authentication methods including Yubikey, fingerprint authentication, RSA SecurID, and DUO Security. Enhancement : Option to perform remote installation, un-installation, customization, and re-installation of the Linux login agent from the admin console. New to ADSelfService
[ADSelfService Plus 5807 Release] - Passwordless verification
Hello folks! We are delighted to announce the release of 5807. Highlight : Yubikey authenticator support: Users can use the Yubikey device to prove their identity during self-service password resets/account unlocks, ADSelfService Plus logins, and endpoint logins. New to ADSelfService Plus? Download the fully functional 30-day free trial now. Regards, ADSelfService Plus Team Toll Free: +1-84-245-1104 Direct: +1-408-916-9890 Email: support@adselfserviceplus.com
GINA troubleshooting
Hi, We have some computers that don't get updated by the GINA customization schedule. Where can I find server-side and client-side logs related to this? I already checked %installationdir%\logs\gina on the server but that folder is empty. And I can't find the installation directory on the clients at all, though gina is running. /Rasmus
Attend our Active Directory and IT security seminar from the comfort of your workplace.
We're thrilled to announce that our two-day Active Directory and IT security seminar will be available for online attendees. If you've always wanted to attend one of our seminars but haven't been able to make the trip, here's your chance. Join us online as our technical evangelists help you get up to speed with all the latest trends and best practices in AD, IT security, and much more. You will also learn how adopting an SIEM solution can help prevent data breaches in your organization.
A big 'Thank You'. From all of us, to all of you!
Hey folks, This Thanksgiving, we'd like to thank you all for being a part of the ADSelfService Plus community and for constantly supporting and motivating us to up our game. Here's a little something to let you know how much we value you: And before you kick-start this holiday season, on behalf of the entire ADSelfService Plus family, I'd like to wish you a very Happy Thanksgiving! I hope you have lots of fun! You so deserve it! Cheers, Team ADSelfService Plus.
Don't miss out: Register now for our Cybersecurity and Hybrid Identity Management seminar in London.
Hello! We wanted to remind you that our London Cybersecurity and Hybrid Identity Management seminar is around the corner, and we'd love for you to join us. Join us in London Reserve your
ADSelfService Plus 5806 Released !!!
Hello folks! We are delighted to announce the release of 5806. Issues Fixed: Issue in the GINA/CP logon agent that could lead to privilege escalate is fixed. A CSRF Vulnerability that occurs in the self-update section of the end-user portal is fixed. [ CVE-2019-18411 ] New to ADSelfService Plus? Download the fully functional 30-day free trial now. Regards, ADSelfService Plus Team Toll Free: +1-84-245-1104 Direct: +1-408-916-9890 Email: support@adselfserviceplus.com
Modification Rules - choose street relaying on Country
I would like to that users can first choose country from a dropdown list (AD parameter) and relaying on that choice later choose exact location from a dropdown list containing only locations in that country, and set it as a 'street' attribute in AD. Adam.
ADSelfService Plus 5804 Released !!!
Hello folks! We are delighted to announce the release of 5804 with a few enhancements and issue fixes. Highlight: Korean language support: The end user and the admin portal can now be personalized in Korean language, besides the twenty other supported
[ManageEngine seminar] Here's your exclusive invite.
Hello! Here is an exclusive invite for you to be a part of our US edition of Cybersecurity & Hybrid Identity Management seminars. Derek Melber, AD MVP and Chief Technical Evangelist at ManageEngine will explain Active Directory management and IT security best practices from across the globe. He will also share valuable tips to secure your IT environment from potential threats.
[Webinar series] Learn what's new in our Active Directory and IT Security solutions.
Hello, We are delighted to send you this exclusive invite to ManageEngine's first ever What's new webinar series. Our product experts will explain in detail about all the recent features and enhancements in your favorite Active Directory and IT security solutions. Register now October 22, 23, 29 & 30 at 11 AM EDT Note: Register just once to attend all the sessions in this
ManageEngine's podcast series is now live. Subscribe now!
Hello, Have you ever imagined listening to your favorite IT security expert discuss the ways you can enhance the security posture of your environment on-the go? Now you can! We're thrilled to announce the launch of our weekly podcast series where our security experts, including Derek Melber, Active Directory MVP, will present their take on a wide range of IT security topics. Subscribe now By subscribing and listening to
ADSelfService Plus 5803 Released !!!
Hello folks! We are delighted to announce the release of 5803 with a few issue fixes. Issue fixes : All untranslated UI text are now localized for all the languages supported by ADSelfService Plus. Issue which displayed the error message "Sorry, the page you requested was not found," when manually initiating multiple GINA/Mac/Linux logon agent installation processes. Issue in Password Expiration Notifier Tool which failed to accept the DisplayName in the From Mail address of Mail Server settings.
[ManageEngine Free Online Training ] Register now for our ADSelfService Plus training series.
Hello, ManageEngine is back again with another series of online workshops to help you make the best use of our integrated password management and single sign-on solution- ADSelfService Plus. This free live online training will be your guide to eliminate password management troubles while helping you get a better hang of using the solution. The benefits don't just end here. By attending all the sessions in this series you can take up our MECPA certification test for free.
[ManageEngine Netherlands seminar] Here's your exclusive invite.
Hello! ManageEngine's Cybersecurity & Hybrid Identity Management seminar is happening in Amsterdam, Netherlands on Sep 3 and here is an exclusive invite for you. Derek Melber, Microsoft MVP will explain how you can safe-guard your network from cyber threats, and get insights on the best practices for managing and securing a hybrid environment. Register now Date : September 3 Location
ADSelfService Plus 5802 Released !!!
Hello folks! We are delighted to announce the release of 5802 release which covers few security bug fixes. Fixes: A minor text alignment issue while displaying the custom password policy during password change/reset is fixed. An injection vulnerability in the Windows and Linux login agent is fixed. New to ADSelfService Plus? Download the fully functional 30-day free trial now. Regards, ADSelfService Plus Team Toll Free: +1-84-245-1104 Direct: +1-408-916-9890 Email: support@adselfserviceplus.com
[ManageEngine Webinars] Say goodbye to weak passwords with ADSelfService Plus’ password policy.
Hello! We can help you identify users with a weak password but how can you prevent users from using weak passwords? <Register Now> Date: Aug 22 Time: 2 PM BST | 11.30 AM IST Learn about the limitations of Active Directory password policy, enforce a customized more granular password policy for both on-premises and cloud applications, and improve password
Next Page