ADAudit Plus security advisory regarding broken authentication vulnerability

ADAudit Plus security advisory regarding broken authentication vulnerability

Hi,

We wanted to let you know that ADAudit Plus builds have been reported to suffer a broken authentication vulnerability, when using SAML authentication. This article explains the issue and the steps to be followed to secure your ADAudit Plus instance. For more information on this, please refer to our ADAudit Plus Build 6077 release notes here

What is the issue?
Broken authentication vulnerability in ManageEngine ADAudit Plus allows an attacker to impersonate a legitimate user through traffic manipulation when using SAML authentication.

Who does it affect? 
All users using ADAudit Plus versions below 6077. 

What is the severity level of this vulnerability?
The severity of this vulnerability was recognized to be high.

Is there a fix for this issue?
i. If you are using SAML authentication, upgrade the product to the latest build (6077).
Follow these steps to update your ADAudit Plus:
Step 1: Stop ADAudit Plus. 
Step 2: Download the service pack for the latest build 6077 from this page. If you wish to download the complete build, you can do it from here.
Step 3: Apply the service pack by following the steps under "Instructions to apply Service Pack" section in this page
Step 4: Start ADAudit Plus.

ii. If you are not using SAML authentication, ensure that it is disabled.
Follow these steps to disable SAML Authentication:
Step 1: Login to your ADAudit Plus console.
Step 2: Go to Admin > Logon Settings > Single Sign On and uncheck the Enable Single Sign-on with Active Directory option.

If you need any additional information or if you face any issues in performing the recommended steps, please write to us at support@adauditplus.com. You can also call us at +1 844 245 1101 (toll-free).