High Severity vulnerability in Apache Log4J 2

Last modified on 14 Dec, 2021. Revision 4
Log4J 2 is used in Clavister's EasyAccess and EasyPassword products, which must be reconfigured so that they are not susceptible to this vulnerability.
Up to date for: EasyAccess 4.1.2
Status: OK


Affected Versions

EasyAccess <= 4.1.2

Fix Information

To mitigate this threat, add the following parameter to the startup file:
-Dlog4j2.formatMsgNoLookups=true

On Linux, set the parameter in /bin/start-PhenixID.sh (JAVA_OPTS="${JAVA_OPTS} -Dlog4j2.formatMsgNoLookups=true")
On Windows, set the parameter in /bin/*.vmoptions (-Dlog4j2.formatMsgNoLookups=true)
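
To confirm the parameter is active in the startup files after editing them, the following check can be used. It is an added example, not part of the original advisory or of Clavister's tooling. It assumes the /bin paths above are relative to the product's install directory, which is passed as an argument, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the Log4j mitigation flag is present and not
# commented out in the startup files named in the advisory.
# Assumption: bin/start-PhenixID.sh and bin/*.vmoptions live under the
# install directory given as $1.

# has_flag FILE: 0 if an active (non-comment) line carries the flag set to
# true, 1 if not, 2 if the file cannot be read. The flag must be a whole
# token, so "=false" or "=trueX" do not count; CRLF endings are tolerated.
has_flag() {
    [ -r "$1" ] || return 2
    grep -v '^[[:space:]]*#' "$1" |
        grep -E -q -- '(^|[[:space:]"])-Dlog4j2\.formatMsgNoLookups=true([[:space:]"]|$)'
}

# check_install DIR: report each startup file found under DIR/bin.
# Returns 0 only if every file found has the flag, 1 if any file lacks it,
# 2 if no startup file was found at all.
check_install() {
    dir=$1
    rc=0
    found=0
    for f in "$dir"/bin/start-PhenixID.sh "$dir"/bin/*.vmoptions; do
        [ -f "$f" ] || continue
        found=1
        if has_flag "$f"; then
            echo "OK       $f"
        else
            echo "MISSING  $f"
            rc=1
        fi
    done
    if [ "$found" -ne 1 ]; then
        echo "no startup files found under $dir/bin" >&2
        return 2
    fi
    return "$rc"
}

# Run the check when an install directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_install "$1"
fi
```

The service must be restarted for a changed startup file to take effect; this check only inspects the files on disk.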

For more detail, please don’t hesitate to contact Clavister Support!

Security Patches

An updated version of log4j2 will be included in all future releases.

Updated versions will be available from https://my.clavister.com/
