This instruction describes how to resolve a phishing vulnerability in Digital Access 6.0.2.
The needed file can be accessed here: https://support2.nexusgroup.com/Release/?sub=/SSO%20Vulnerability%20fix%20-%20DA-282/6.0.2&cat=Nexus%20Hybrid%20Access%20Gateway
- Move the provided file access-point-6.0.2-sso-fix.tar to the virtual appliance.
- SSH into the machine.
- Exit from the bash menu and elevate the prompt (use, for example, sudo su -).
- Stop the access point:
docker exec orchestrator hagcli -s access-point -o stop
- Save the current access point as backup:
docker save repo.nexusgroup.com/smartid-digitalaccess/access-point:6.0.2.26514 -o /home/agadmin/access-point-6.0.2-original.tar
- Remove the old image:
docker image rm -f repo.nexusgroup.com/smartid-digitalaccess/access-point:6.0.2.26514
- Load the new image (assuming it is in /home/agadmin):
docker load -i /home/agadmin/access-point-6.0.2-sso-fix.tar
- Verify that it worked:
docker image ls | grep access
This should produce output similar to this:
- Start the new access point:
docker exec orchestrator hagcli -s access-point -o start
- Verify that the access point starts:
docker ps
There should be an entry like this:
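
Added example, not part of the original instruction or the vendor's own tooling: a shell wrapper around the steps above that refuses to remove the old image until the backup archive reads back as a valid tar, and reloads the backup if the new image fails to load. The image name and file paths are the ones given on this page; the function names and the `--run` switch are illustrative, and it assumes `docker load` prints its usual `Loaded image:` line.

```shell
#!/usr/bin/env bash
# Added example: guarded version of the image swap described on this page.
# Function names and the --run switch are illustrative, not vendor-provided.
set -u

IMAGE="repo.nexusgroup.com/smartid-digitalaccess/access-point:6.0.2.26514"
BACKUP="/home/agadmin/access-point-6.0.2-original.tar"
FIX="/home/agadmin/access-point-6.0.2-sso-fix.tar"

# Succeeds only if $1 is a non-empty, readable tar archive.
valid_tar() {
    [ -s "$1" ] && tar -tf "$1" >/dev/null 2>&1
}

# Reads `docker load` output on stdin and prints the loaded image reference.
loaded_image() {
    sed -n 's/^Loaded image: //p' | head -n 1
}

# Reads `docker image ls --format '{{.Repository}}:{{.Tag}}'` output on stdin;
# succeeds if the exact reference in $1 is listed.
image_listed() {
    grep -Fxq -- "$1"
}

swap_image() {
    valid_tar "$FIX" || { echo "fix archive missing or unreadable: $FIX" >&2; return 1; }
    docker exec orchestrator hagcli -s access-point -o stop || return 1
    docker save "$IMAGE" -o "$BACKUP" || return 1
    # Never delete the old image unless the backup can actually be read back.
    valid_tar "$BACKUP" || { echo "backup not usable, old image kept" >&2; return 1; }
    docker image rm -f "$IMAGE" || return 1
    new=$(docker load -i "$FIX" | loaded_image)
    if [ -z "$new" ]; then
        echo "load failed, restoring original image from backup" >&2
        docker load -i "$BACKUP" >/dev/null
        return 1
    fi
    docker image ls --format '{{.Repository}}:{{.Tag}}' | image_listed "$new" || return 1
    docker exec orchestrator hagcli -s access-point -o start || return 1
    echo "access point restarted on $new"
}

# Only touch Docker when explicitly asked to.
if [ "${1:-}" = "--run" ]; then swap_image; fi
```

If any step after the stop fails, the access point is left stopped so the state can be inspected before it is started by hand.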