- Host Access Management and Security Server (MSS) - all versions
- Host Access for the Cloud - all versions
- Reflection for the Web - all versions
- Micro Focus Desktop clients (Reflection, InfoConnect, Rumba+) that are managed with Management and Security Server (MSS)
Customers using Single Sign-on through Windows to authenticate to Host Access Management and Security Server (MSS) are subject to the "Netlogon Elevation of Privilege Vulnerability" (CVE-2020-1472).
According to NIST, "An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'."
Microsoft published guidance on how to manage the changes in Netlogon secure channel connections associated with this CVE. The first step is to update your Domain Controllers.
Unfortunately, after updating your Domain Controllers, MSS's authentication implementation of "Single Sign-on through Windows authentication" will no longer function.
To mitigate the "Netlogon Elevation of Privilege Vulnerability" as it relates to Host Access Management and Security Server (MSS), use a different authentication method.
Instead of using "Single Sign-on through Windows Authentication", choose one of these methods in Host Access Management and Security Server (MSS Administrative Console):
- Single Sign-on through IIS* (available only for Host Access for the Cloud or Reflection for the Web)
* recommended for a Single Sign-on experience
NOTE: SAML Authentication will be available in Reflection for the Web version 13.2. If you prefer to use SAML with the current (13.1) release, contact Support for more information.