High Severity vulnerability in Apache Log4J 2

Last modified on 14 Dec, 2021. Revision 4
Log4J 2 is used in Clavisters EasyAccess and EasyPassword products and must be reconfigured to not be susceptible to this vulnerability. 
Up to date for
EasyAccess 4.1.2
Status OK

Affected Versions

EasyAccess <= 4.1.2

Fix Information

To mitigate this threat, add the following parameter to the startup file:

On Linux, set the parameter in /bin/start-PhenixID.sh (JAVA_OPTS=”${JAVA_OPTS} -Dlog4j2.formatMsgNoLookups=true”)
On Windows, set the parameter in /bin/*.vmoptions (-Dlog4j2.formatMsgNoLookups=true)

For more detail, please don’t hesitate to contact Clavister Support!

Security Patches

An updated version of log4j2 will be included in all future releases.

Updated versions will be available from https://my.clavister.com/


Related articles

Sending EasyAccess logs to InCenter or a Syslog server
4 May, 2021 easyaccess incenter syslog
How to configure passwordless OneTouch authentication
24 Feb, 2021 easyaccess radius saml sso onetouch
Upgrading EasyAccess for Windows (PhenixID Authentication Services)
28 Feb, 2024 changeme easyaccess phenixid pas
Protecting against the Apache Log4j exploit
15 Dec, 2021 core idp ipreputation log4j