[AD360] Impact of Log4j dependency removal on RSA SecurID-based two-factor authentication
Hi there!
Due to Apache Log4j library's security vulnerability (CVE-2021-44228), AD360 has completely removed Log4j dependency in build, 4302. However, the Log4j library is required if you wish to configure RSA SecurID for two-factor authentication (TFA).
If you are an existing customer who has already enabled RSA SecurID for TFA, update AD360 to its latest build, 4302, and then perform the following steps to continue using the RSA SecurID authenticator:
Step 1: Go to <AD360_install_directory/lib> folder (the default location is C:\ManageEngine\AD360\lib).
Step 2: Delete the existing authapi.jar, log4j-1.2.8.jar, and log4j-1.2.15.jar files.
Step 3: Obtain the latest authapi.jar file and its latest Log4j JAR files from RSA SecurID
Step 4: Add the obtained authapi.jar and Log4j JAR files in the <AD360_install_directory>/lib folder.
Step 5: Restart AD360.
Customers who would like to enable RSA SecurID, should update to build 4302, and then follow Steps 3 to 5 before proceeding to configure RSA SecurID as mentioned in this guide.
Regards,
AD360 Team
Toll Free: +1-888-720-9500
Direct: +1-408-916-9890