mPass Security Patch Update Release Notes
As part of our continuous efforts to improve our product's security, we have released a new security update for mPass Authentication Server (4.10.0 release). You are advised to update if your organization uses mPass AS versions 4.9.13 or earlier.
Please note that these vulnerabilities/weaknesses affect only the mPass Administration portal and mPass User Portal and NOT the Multi-factor authentication services (backend).
The new release (4.10.0) includes improvements and fixes for the following items: -
- Improved object referencing mechanism.
- Improved account lockout mechanism in administration portal.
- Improved error handling and messages.
- Improved HTTP headers (HttpOnly cookie, XSS protection header, HTTP Strict-Transport-Security Header).
- Updated a vulnerable JavaScript library.
To update your mPass, please request a new release from the Cerebra support team at support@cerebra.sa, then you can perform the following operation (with the help from Cererbra support team if needed):-
- Take a backup of existing application binaries.
- Execute DB scripts from the DB client.
- Stop mPass Windows service.
- Replace existing binaries with new versions.
- Start mPass Windows service.
- Monitor mPass logs.
- Repeat the above steps (except 2) for all mPass nodes.
If you have any questions or support, please get in touch with our support team through this link.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article