ADSelfService Plus Fixes and Enhancements [2021]

Release Notes for build 6105 (May 26, 2021)
Enhancements:
  • Admins can now configure users' managers' email addresses to send them notifications about user activities such as self-service password reset, self-service account unlock, password change, and enrollment.
  • The email verification code generated during enrollment and user identity verification can now be sent to the admin or manager via email.
  • An option has been introduced to block specific email domains and mobile formats provided during user enrollment.
Issue fixes:
  • A vulnerability that led to unauthenticated and authenticated remote code execution through PowerShell injection has been fixed.
  • If the user entered an email address during enrollment and the same email address was later updated as the user's AD mail attribute value, the user did not receive scheduled notifications and the email address was displayed twice during email verification authentication. This issue has been fixed.
  • When users accessed the end-user portal through NTLM Authentication, user actions could not be performed in certain Windows environments. This has been fixed.
  • The configuration of RADIUS authenticator failed when the secret key had specific special characters (<, >, ', ", and &). This has been fixed.
  • An issue that occurred in the secure links generated for email verification has been fixed.

Release Notes for build 6104 (May 8, 2021)
Vulnerability Issue Fixes:
  • A vulnerability that in rare cases allowed bypassing CAPTCHA on the ADSelfService Plus login page has been fixed.
  • A rare Cross-Site Scripting attack vulnerability in the e-mail address field used in the employee search feature has been fixed. (Reporter: Matt; CVE-ID: CVE-2021-27956)
  • A vulnerability that in rare cases can cause Reflected Cross-Site Scripting attacks has been fixed.
  • A vulnerability that in rare cases let attackers expose information about the database application configured for password sync has been fixed.
  • A vulnerability that in rare cases let attackers bypass the IP address-based access restriction on the ADSelfService Plus admin portal has been fixed.

Release Notes for build 6103 (Apr 28, 2021)
Highlight:
  • Zoho OneAuth's OTP authenticator can be used as an MFA method to verify users' identities during password reset and account unlock actions, ADSelfService Plus logins, and machine and VPN logins.
Enhancements:
  • The Linux login agent now supports Ubuntu version 20.x.
  • Password synchronization with OpenLDAP now supports the Password Modify extended operation (RFC 3062).
  • SAML assertion attributes have been introduced to allow admins to configure the specific attributes that have to be included in the SAML response token sent to the service provider by ADSelfService Plus to prove a user's identity.
Issue Fixes:
  • For SAP NetWeaver password sync, the unlock account functionality is now restricted for accounts that were locked or disabled by the admins.
  • An issue with configuring the Select Duration setting for scheduled reports has been fixed.
  • An issue with generating reports using the Operator technician role has been fixed.

Release Notes for build 6102 (Mar 20, 2021)
Issue Fix:
  • A remote code execution vulnerability (Zoho bug bounty ID: ZVE-2021-0941) caused by a PowerShell script used for password change operations has been fixed.

Release Notes for build 6101 (Mar 5, 2021)
Enhancement:
  • ADSelfService Plus now supports three different methods of Windows login agent installation to improve the installation success rate. The three methods are:
    • Remcom
    • PAExec
    • WMI
Issue Fix:
  • An issue where users did not receive the multi-factor authentication prompt while using the VPN when a language other than English was personalized for the ADSelfService Plus server has been resolved.