This article describes how to handle a possible phishing vulnerability in Nexus Hybrid Access Gateway and Smart ID Digital Access, versions above 5.*. The vulnerability has ID DA-282.
The information in this article is provided as part of our security measures. We urgently request that you apply the patches provided for versions 5.13.0 to 5.13.5, 6.0.2 and 6.0.4, respectively.
See the instructions below for the different versions.
Hybrid Access Gateway 5.13.0 to 5.13.5
This instruction describes how to resolve a phishing vulnerability in Hybrid Access Gateway 5.13.0 to 5.13.5.
The needed file can be accessed here: https://support2.nexusgroup.com/Release/?sub=/SSO%20Vulnerability%20fix%20-%20DA-282/5.13.5%20and%20earlier&cat=Nexus%20Hybrid%20Access%20Gateway
Move the provided file access-point to the virtual appliance.
ssh into the machine.
Exit from the bash menu and elevate the prompt (use, for example, sudo su -).
Go to /opt/nexus/access-point/bin.
Stop the access point:
/etc/init.d/access-point stop
Copy the current file access-point and save it in a different location.
Remove the file access-point.
Copy the provided file access-point to the folder /opt/nexus/access-point/bin.
Set the correct permissions:
chown pwuser:pwuser /opt/nexus/access-point/bin/access-point
Start the access point:
/etc/init.d/access-point start
Make sure that everything works, and check the system logs for any anomalies.
Digital Access 6.0.2
This instruction describes how to resolve a phishing vulnerability in Digital Access 6.0.2.
The needed file can be accessed here: https://support2.nexusgroup.com/Release/?sub=/SSO%20Vulnerability%20fix%20-%20DA-282/6.0.2&cat=Nexus%20Hybrid%20Access%20Gateway
Move the provided file access-point-6.0.2-sso-fix.tar to the virtual appliance.
ssh into the machine.
Exit from the bash menu and elevate the prompt (use, for example, sudo su -).
Stop the access point:
docker exec orchestrator hagcli -s access-point -o stop
Save the current access point as backup:
docker save repo.nexusgroup.com/smartid-digitalaccess/access-point:6.0.2.26514 -o /home/agadmin/access-point-6.0.2-original.tar
Remove the old image:
docker image rm -f repo.nexusgroup.com/smartid-digitalaccess/access-point:6.0.2.26514
Load the new image (assuming it is in /home/agadmin):
docker load -i /home/agadmin/access-point-6.0.2-sso-fix.tar
Verify that it worked:
docker image ls | grep access
The output should look similar to this:
Start the new access point:
docker exec orchestrator hagcli -s access-point -o start
Verify that the access point starts:
docker ps
There should be an entry like this:
Digital Access 6.0.3 and 6.0.4
This instruction describes how to resolve a phishing vulnerability in Digital Access 6.0.3 and 6.0.4.
Move the provided file access-point-6.0.4-sso-fix.tar or access-point-6.0.3-sso-fix.tar to the virtual appliance.
ssh into the machine.
Exit from the bash menu and elevate the prompt (use, for example, sudo su -).
Stop the access point:
docker exec orchestrator hagcli -s access-point -o stop
Save the current access point as backup:
docker save repo.nexusgroup.com/smartid-digitalaccess/access-point:6.0.4.44985 -o /home/agadmin/access-point-6.0.4-original.tar
Remove the old image:
docker image rm -f repo.nexusgroup.com/smartid-digitalaccess/access-point:6.0.4.44985
Load the new image (assuming it is in /home/agadmin):
docker load -i /home/agadmin/access-point-6.0.4-sso-fix.tar
Verify that it worked:
docker image ls | grep access
The output should look similar to this:
Start the new access point:
docker exec orchestrator hagcli -s access-point -o start
Verify that the access point starts:
docker ps
There should be an entry like this:
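Added example, not part of the vendor instructions: a guarded form of the image swap from the two Digital Access sections above, which removes the old image only after the backup tar is confirmed readable and reloads the backup if the fix fails to load. The function names, argument order and return codes are assumptions; the docker and hagcli commands are the ones used in the steps above, except that `docker image ls -q` replaces the `grep` check.

```shell
#!/usr/bin/env bash
# Added example, not vendor code: the Digital Access image swap with guards.
# IMAGE, FIX_TAR and BACKUP_TAR are passed in by the operator, taken from the
# commands given for their version (function and argument names are assumptions).

# True when the file is non-empty and lists as a tar archive.
is_tar() { [ -s "$1" ] && tar -tf "$1" >/dev/null 2>&1; }

# Stop or start the access point through the orchestrator, as in the article.
ap() { docker exec orchestrator hagcli -s access-point -o "$1"; }

# swap_access_point_image IMAGE FIX_TAR BACKUP_TAR
# Returns 0 when the fix is loaded and the access point started,
#         1 when the fix was not applied,
#         2 when the fix failed to load and the backup was reloaded,
#         3 when the access point did not start afterwards.
swap_access_point_image() {
    local image="$1" fix_tar="$2" backup_tar="$3" rc=0

    # Check the inputs before touching the running system.
    is_tar "$fix_tar" || { echo "unreadable fix archive: $fix_tar" >&2; return 1; }
    # Never overwrite an earlier backup of the original image.
    [ ! -e "$backup_tar" ] || { echo "backup already exists: $backup_tar" >&2; return 1; }

    ap stop || return 1

    # Remove the old image only once the backup is proven readable.
    if ! docker save "$image" -o "$backup_tar" || ! is_tar "$backup_tar" \
        || ! docker image rm -f "$image"; then
        echo "backup or image removal failed; restarting without the fix" >&2
        ap start
        return 1
    fi

    # Load the fix; confirm an image for the repository exists afterwards.
    if ! docker load -i "$fix_tar" || [ -z "$(docker image ls -q "${image%:*}")" ]; then
        echo "fix did not load; reloading $backup_tar" >&2
        docker load -i "$backup_tar"
        rc=2
    fi

    ap start || return 3
    return "$rc"
}
```

Call it with the image name and file paths from the section that matches the installed version, then continue with the `docker ps` check.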