All releases tagged Security
Release Notes: This release sets maxlength on radius secret to 128 and comments out the unneeded tac_plus build.
Release Notes: Updated for handling CA cert expiration. If upgrading to this version, please create new certificates via the WiKIDAdmin.
Release Notes: This release removes weak SSL Ciphers from the WiKIDAdmin interface. This is needed for PCI audits.
Release Notes: This release adds a new API function: list users by domain.
Release Notes: This release fixes a minor typo and a radius configuration bug.
Release Notes: This release adds a minor UI improvement to reduce confusion, removes unnecessary radius configuration options, and clarifies the Mutual HTTPS authentication/Registered URL functionality.
Release Notes: An EAPMD5 issue where the server would validate the passcode but client would still fail was fixed. A problem with bad registration codes killing the wClient connection was fixed. The ability to update a user's "note" via the API was added. An issue where valid OTP was rejected after an invalid OTP was given when using RADIUS was fixed. An issue with mutual HTTPS authentication was fixed.
Release Notes: A major update for two-factor authentication server. Upgrades Tomcat to version 7. Adds log4j to tomcat libraries for clean shutdown. A fix for RADIUS reporting "MESSAGE AUTHENTICATOR IS INCORRECT". A fix for sorting by type and last activity on user page result in blank page. Runs WiKID as a non-root user (wikid). Updates to compile with gcc3. Release of a 64-bit Utilities RPM. A new pre-registration mode for multi-server pre-registration. Better handling of various Java installs. A fix for MD5 RADIUS errors. An updated RADIUS plugin.
Release Notes: A software token is now able to pre-register across multiple WiKID servers with the default configuration. Minor bugfixes have been made.
Release Notes: This release disallows blank or null passwords for directory binds, since this falls back to an anonymous bind and appears to succeed. It can catch exceptions other than NamingException in the adregister2 example script. There is a Log4j db appender module for WiKID logging, and an Intellij IDEA module file for the Android token. It sets Content-Type to "" to get past mod_security. There are some bugfixes.
