Blog

Get the inside scoop with LoginTC and learn about relevant security news and insights.

← Back to Blog

LoginTC CVE-2024-3094 Impact

April 03, 2024Thomas Sydorowski

In light of the public disclosure of the compromised xz library packages (CVE-2024-3094), our security team has performed a thorough review of the xz library packages in all LoginTC appliances.

Are LoginTC Cloud services affected?

No, LoginTC Cloud services are not affected.

Are the LoginTC appliances affected? Do I need to update LoginTC appliances running on my premises?

No, LoginTC appliances are not affected. This includes:

  • LoginTC RADIUS Connector 4.x.x
  • LoginTC RADIUS Connector 3.x.x
  • LoginTC Managed 2.x.x
  • LoginTC Managed 1.x.x

Furthermore, newer versions of LoginTC appliances (LoginTC RADIUS Connector 4.x.x) have SSH access disabled by default to minimize the potential attack surface for vulnerabilities.

Are the LoginTC connectors affected?

No, other LoginTC connectors and software do not include any xz library packages and are not affected.

If you are currently running the LoginTC RADIUS Connector 3.x.x, we strongly recommend you upgrade to LoginTC RADIUS Connector 4.x.x before the June 30, 2024 end-of-life date. See the LoginTC RADIUS Connector Upgrade Guide for instructions.

If you have any questions about our security review, don’t hesitate to reach out by phone at 1-877-564-4682 or email at support@cyphercor.com.

← Back to Blog

Free to try for up to 3 users.

Get Started

Start protecting your enterprise assets.

Learn How

Free 2FA Resource Guide.

Download

Start your free trial today. No credit card required.

Sign up and Go