ADSelfService Plus 6112 Hotfix Release

ADSelfService Plus 6112 Hotfix Release

Hello everyone,

We are glad to announce the release of build 6112 with the following enhancements and issue fixes:

Enhancements :
  • Mac Agent support has now been introduced for macOS Big Sur.
  • Mobile app support to block specific email domains and mobile number formats during user enrollment has now been provided.
Security Issue Fixes :
  • The SSRF vulnerability present in the High Availability module has now been fixed. [CVE-2021-37419]
  • A vulnerability in the Approval Workflow module which facilitated an unauthenticated attacker to send emails to domain users has now been fixed. [CVE-2021-37420]
  • The possibility of a Boolean SQL injection attack during manual account linking for Oracle Database has been eliminated. [CVE-2021-37422]
  • The security issue of account takeover via machine account creation has now been fixed. [CVE-2021-37424]

Issue Fixes :
  • While using the mobile app to reset password/unlock account, the forced number of authentication factors were not verified. This issue has now been resolved.
  • The issue in build 6111 with the MFA for VPN feature in which authentication was bypassed has now been resolved.
  • The password changes were not applied across all linked accounts when the Force Password Synchronization option was enabled in build 6111. This issue has now been fixed.

How to update?
Update using the service pack.

New to ADSelfService Plus?
Download the fully functional 30-day free trial now.