/
Critical issue: User Certificate authentication method in Digital Access
Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Critical issue: User Certificate authentication method in Digital Access

Owned by Josefin Klang (Deactivated)
Last updated: Feb 21, 2024 by Ylva AnderssonVersion comment
2 min read

2024-02-16

A critical issue has been detected in case of User certificate authentication in Digital Access.

This is important for all partners and customers that are using the User Certificate authentication method.

Smart ID Mobile App and Smart ID Desktop App (Personal) authentication methods are not impacted by this issue.

The fix has now been released for all the supported Digital Access versions.

Steps to patch the Digital Access version you are on:

  1. Change the image tag in versiontag.yml as per the table below only for the access point image. You can, for example, use nano as editor. The version tag is located here: /opt/nexus/docker-compose/versiontag.yml

  2. Execute the following commands to redeploy the stack. Note that this will stop services and system access for 1-2 minutes while the stack is being redeployed:
    docker stack rm da
    bash /opt/nexus/scripts/start-all.sh

  3. To verify that the change has been successful please issue the following command:
    docker stack ps da

    This will display a number of lines (one for each service), and the column ERROR should be empty if everything is working. If there are any errors in this column, there is probably a typo in versiontag.yml or the image was not properly downloaded.

The tags that are bundled together do not have access point-related changes and can be combined to a single latest version.

For example:
For Digital Access 6.3.2, 6.3.3 and 6.3.4 there is no change in access point compared to the previous version release. Therefore customers on these tags need to patch to 6.3.4.279192 tag for access point.

Release

Access point version tag

Release

Access point version tag

DA 6.5.1

6.5.1.279291

DA 6.5.0

6.5.0.279202

DA 6.4.0

6.4.0.278935

DA 6.3.2, DA 6.3.3, DA 6.3.4

6.3.4.279192

DA 6.3.1

6.3.1.278946

DA 6.3.0

6.3.0.279180

DA 6.2.4

6.2.4.279007

DA 6.2.0, DA 6.2.1, DA 6.2.2, DA 6.2.3

6.2.3.279199

For information about supported versions, see Supported versions of Digital Access component.

Contact Nexus support for more details.

 

Related content

CURL vulnerability information (CVE-2023-38545)
CURL vulnerability information (CVE-2023-38545)
Nexus Documentation
Read with this
Upgrade Digital Access component from 6.0.5 or above
Upgrade Digital Access component from 6.0.5 or above
Nexus Documentation
More like this
Upgrade Digital Access component
Upgrade Digital Access component
Nexus Documentation
More like this
Troubleshooting after upgrade Digital Access to 6.0.5 and above
Troubleshooting after upgrade Digital Access to 6.0.5 and above
Nexus Documentation
More like this
Known limitations in Digital Access
Known limitations in Digital Access
Nexus Documentation
More like this
Resolve a vulnerability in Digital Access that can result in a Denial of service
Resolve a vulnerability in Digital Access that can result in a Denial of service
Nexus Documentation
More like this

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions