SHA1 certificates issued to Active Directory domain controllers or LDAP directory servers must be reissued as SHA256 or greater. This affects Duo Single Sign-On Active Directory authentication, Active Directory Sync, OpenLDAP Directory Sync, and ad_client configuration for RADIUS or LDAP authentication. SHA1 signed certificates are no longer supported for LDAPS or StartTLS connections.Resolves an issue in version 6.0.0 ( CVE-2023-20207 Cisco Security Advisory) where some configurations would output plain-text secrets to authproxy.log during proxy service start.Fixed a resource leak related to failed TLS connections.The Authentication Proxy connectivity tool and Authentication Proxy Manager now raise an exception if the Authentication Proxy is given a password-protected certificate.The value for allow_concat in the radius_server_eap section now correctly defaults to True. See Guide to Duo's iFrame Reconfiguration Script.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |