-
Title
Active Roles 7.4.0 security vulnerability hotfix -
Description
PLEASE NOTE:
Internal testing of Active Roles 7.4.0 has revealed a potential vulnerability in very specific deployment configurations. This hotfix resolves the vulnerability.
This hotfix should ONLY be installed on Active Roles 7.4.0 installations. The vulnerability has been resolved in Active Roles 7.4.1 and therefore this hotfix is not required for that version.
This hotfix resolves the following issues:
142061
Active Roles Web Interface exposes a potential vulnerability under very specific circumstances.
113962
Error message for Office 365 Roles Management policy violation appears as "The Azure user Role(s) can be assigned" instead of "The Azure user Role(s) cannot be assigned".
139573
In Active Roles web interface, objects are retrieved slowly when RSTS Authentication is configured.
167708
Active Roles crashes on-post operations (executed through workflow/policy) when SaaS provisioned policy is enabled on OU.
167719
In Active Roles MMC, Starling 2FA authentication dialog box still displays the SMS or Phone call options even after disabling these options in Starling 2FA settings.
167845
MSOnline cmdlet fails while executing O365 script execution configuration activity in the automation workflow.
-
Cause
113962
139573
142061
167708
167719
167845
-
Resolution
Please download the hotfix here.
Installing this hotfix
To install the hotfix
- Copy the supplied file Active_Roles-7.4.0-SOL311495.exe.rename to the One Identity Active Roles 7.4.0 computer.
- Remove the .rename file name extension.
- Run the file Active_Roles-7.4.0-SOL311495.exe and follow the on-screen instructions to complete the hotfix installation.