Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

Go to Nexus homepage for overviews of Nexus' solutions, customer cases, news and more.


Skip to end of metadata
Go to start of metadata

An openSSL vulnerability has been found, that can affect Smart ID Digital Access componentThis article describes how to handle the vulnerability.

This vulnerability can affect all versions of Hybrid Access Gateway and Digital Access from 5.13.x to 6.0.4.

According to an advisory published by OpenSSL, CVE-2021-3449 concerns a potential DoS vulnerability arising due to NULL pointer dereferencing that can cause an OpenSSL TLS server to crash if in the course of renegotiation the client transmits a malicious "ClientHello" message during the handshake between the server and a user.

More details can be found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449

In order to stay un-affected by this vulnerability in Hybrid Access Gateway and Digital Access, we strongly recommend you to disable the renegotiations in the Access points as shown below.

  1. In Digital Access Admin, go to Manage System > Access points > Edit Access point.
  2. Disable (uncheck) these options:
    1. Allow renegotiation
    2. Renegotiation DoS protection

  3. Go to Manage System > Access points > Manage Global access settings.
  4. Disable (uncheck) Enable legacy renegotiation.

  5. Click Save.