multiOTP Pro
============

multiOTP Pro is a strong two-factor authentication device
multiOTP Pro is OATH certified for HOTP/TOTP

(c) 2010-2024 SysCo systemes de communication sa
https://www.multiOTP.com/

Current build: 5.9.8.0 (2024-08-26)

Table of contents
 * What's new in this release
 * Wishlist for future releases
 * Change Log of released versions

WHAT'S NEW IN THIS 5.9.x RELEASE
================================
- New Hyper-V and OVA appliances available (version 011, based on Debian 11)
- Enhanced special ISO characters support (included octal encoded)
- {MultiotpUserAccount} tag can be used in templates
- {MultiOtpDisplayName} tag (AD/LDAP DisplayName) can be used in templates
- New open source on-premises SMS provider support (https://github.com/multiOTP/SMSGateway)

RASPBERRY PI DISTRIBUTION
=========================
Please note that an optimized Raspberry Pi binary image is available for any multiOTP Enterprise appliance customer.

MULTIOTP CREDENTIAL PROVIDER
============================
multiOTP Credential Provider is a compatible open source Credential Provider for Windows 7/8/8.1/10/11/2012(R2)/2016/2019/2022 in 64 bits, with caching support option (for offline connection), RDP only 2FA, and some other options.
To download it: https://github.com/multiOTP/multiOTPCredentialProvider

CHANGE LOG OF RELEASED VERSIONS
===============================

2024-08-26 5.9.8.0
  ENH: Spryng SMS provider support
  ENH: Device with description containing "Fortinet" will send two additional RADIUS attributes (ATTRIBUTE Fortinet-Group-Name 1 string, ATTRIBUTE Fortinet-Access-Profile 6 string)
  ENH: Device with description containing "ZyXEL" will send one additional RADIUS attribute (ATTRIBUTE User-type 1 string admin/limited-admin/user/guest)

2024-05-03 5.9.7.2
  FIX: without2fa token can now be correctly converted to TOTP with default 30 seconds time interval
  FIX: Without2fa tokens with prefix pin were not working with CHAP/MSCHAP/MSCHAPv2

2023-11-23 5.9.7.0
  ENH: New Raspberry Pi distribution binary (for Enterprise appliance only)
  ENH: Upgrade of internal tools
  INF: This is the last available version for the physical multiOTP Pro 420B device

2023-10-12 5.9.6.9
  FIX: Dashboard new firmware information is available again

2023-09-22 5.9.6.7
  ENH: Without2FA tokens cannot be used for multi_account connection

2023-08-09 5.9.6.6
  FIX: Prefix PIN information was sometimes missing on the provisioning info
  ENH: New Raspberry Pi distribution binary (for Enterprise appliance only)

2023-07-07 5.9.6.5
  FIX: Better Raspberry Pi support (for Enterprise appliance only)

2023-05-10 5.9.6.1
  FIX: Automated concurrent access for the same user with "Without2FA" token could corrupt the user file
  FIX: Template updated to display correct information for "Without2FA" tokens
  FIX: Enhanced backup process, some configuration may be missing in the backup depending on the initial firmware version
  ENH: Template updated to print bigger QRcode for "MOTP-XML" tokens
  ENH: Adding on-premises smsgateway (https://github.com/multiOTP/SMSGateway) as a new SMS provider
  ENH: Better warning messages when AD/LDAP password failed

2023-01-19 5.9.5.5
  FIX: Challenge/response RADIUS was not always working correctly since version 5.9.3.1

2022-11-11 5.9.5.0
  ENH: It's now possible to define a special AD/LDAP group to attribute "Without2FA" token to specific users

2022-11-04 5.9.4.0
  ENH: Enhanced multiOTP Credential Provider (for Windows)

2022-10-27 5.9.3.2
  ENH: New BeagleBone Black based devices have been upgraded to Debian 11

2022-10-21 5.9.3.1
  FIX: Better special characters support in username and password
  FIX: Better special characters support for RADIUS secret
  ENH: The locked accounts list now also lists the temporary delayed accounts
  ENH: Accounts with Without2FA tokens can now also be stored in cache

2022-08-10 5.9.2.1
  ENH: Enhanced Without2FA support, bypassing the 2FA in Credential Provider (for Windows)

2022-06-17 5.9.1.0
  FIX: Scratch list was empty in some cases
  ENH: Enhanced multiOTP Credential Provider (for Windows)

2022-05-26 5.9.0.3
  FIX: User accounts containing octal encoded ISO characters are now also converted to UTF
  FIX: {MultiOtpVersion} is now correctly replaced in scratchtemplate.html
  ENH: {MultiOtpDisplayName} tag (AD/LDAP DisplayName) can be used in templates

2022-05-18 5.9.0.0
  FIX: User accounts containing special ISO characters are now also converted to UTF
  ENH: New Hyper-V and OVA appliances available (version 011, based on Debian 11)
  ENH: {MultiotpUserAccount} tag can be used in templates

2022-04-28 5.8.7.0
  ENH: Enhanced log information for refused connection
  ENH: Code cleaning to support next appliance release

2022-04-14 5.8.6.1
  FIX: Token "Without2FA" was not working all the time with LDAP users
  ENH: Telnyx SMS provider support
  ENH: AD/LDAP synced users with "Without2FA" token don't need any licence
  ENH: Email token is now supported for multiOTP Credential Provider (for Windows)
  ENH: multiOTP Credential Provider: if username doesn't exist, the domain name is shortened step by step

2022-02-10 5.8.5.5
  FIX: Upgrade process issue

2022-01-20 5.8.5.2
  FIX: Device defined with 0.0.0.0/0 is now supported for multiOTP Credential Provider connection
  FIX: Better mail server compatibility

2022-01-14 5.8.5.1
  ENH: Enhanced multiOTP Credential Provider support

2021-11-18 5.8.3.2
  ENH: Enhanced multiOTP Credential Provider support

2021-09-14 5.8.3.0
  ENH: New OVA file with full VM distribution
  ENH: Removed multicast support on the network card

2021-08-19 5.8.2.9
  ENH: Added compatibility with new multiOTP Credential Provider (5.8.2 and further)
  ENH: Additional log messages

2021-04-08 5.8.2.1
  ENH: eDirectory LDAP server support

2021-03-25 5.8.1.9
  FIX: Cookie privacy (httponly and secure) backported to previous virtual appliances
  ENH: Weak SSL ciphers disabled

2021-03-21 5.8.1.2
  ENH: Up to 7 days log entries available in the embedded log viewer
  ENH: Storage free space information on dashboard

2021-03-14 5.8.1.1
  FIX: In some cases, the HOTP/TOTP was not well computed

2021-02-12 5.8.1.0
  FIX: Better unicode handling
  ENH: Flexible licence support with demo licences

2020-09-20 5.8.0.2
  ENH: New Sync Delete Retention Days option in order to purge inexistent AD/LDAP users (default retention value: 30 days)

2020-08-31 5.8.0.0
  FIX: Clean automatically the log before the last 100 days
  FIX: Too many ReadConfigData loops during initialization
  FIX: Backend configuration access optimized
  FIX: Better unicode handling
  ENH: Cookies with HTTPOnly and Secure flag
  ENH: Raspberry Pi 4B support
  ENH: Smaller size for binary firmware files
  ENH: Better custom Fortinet / ZyXEL support

2019-10-23 5.6.1.4
  FIX: Configuration storage handling
  ENH: Generic web based SMS provider support

2019-10-22 5.6.1.3
  ENH: Out of sync detection with specific error message
  ENH: New 64 bits OVA file with full VM distribution
  ENH: Enhanced custom SMS providers support

2019-07-17 5.5.0.1
  FIX: Devices submask calculation error

2019-03-25 5.4.1.8
  ENH: Enhanced error messages, more log information
  ENH: New QRcode library
  ENH: Added specific vendor device expert setup

2019-01-18 5.4.1.6
  FIX: Update process for previous VM distribution

2019-01-18 5.4.1.4
  FIX: Better IP address change handling
  ENH: If any, clean specific NTP DHCP option at every reboot

2019-01-07 5.4.1.1
  FIX: Fix some without2FA algorithm issues
  FIX: Fix some RADIUS challenge/response issues
  ENH: Additional web based SMS providers support (Swisscom LA REST, Afilnet, Clickatell2, eCall, Nexmo, NowSMS, SMSEagle)
  ENH: New binary images available (version 008) for Virtual Appliances
  ENH: Better information on the dashboard

2018-08-22 5.3.0.1
  FIX: Additional information and refresh rate in the CLI console
  ENH: Multiple semicolon separated "Users DN" now supported for AD/LDAP synchronization

2018-07-16 5.2.0.2
  ENH: Active Directory nested groups support (user1 in groupA, groupA in groupB, setting the OTP groups to "groupB" will add user1)
  ENH: Enhanced AD/LDAP support for huge Microsoft Active Directory (much faster)
  ENH: "Base DN" and "Users DN" are now two different parameters ("Users DN" is optional)

2018-01-03 5.1.0.1
  FIX: A user is sometimes created automatically (AD/LDAP sync) with a leading backslash
  ENH: Algorithm selection for automatic AD/LDAP creation
  ENH: Expired AD/LDAP password support
  ENH: multiOTP Credential Provider (for Windows) improvements (login@domain.name UPN support, default domain name supported and displayed, SMS request link)

2017-10-24 5.0.5.4
  FIX: Depending on the configuration and the AD/LDAP cache feature, empty prefix AD/LDAP password may be accepted

2017-09-29 5.0.5.3
  ENH: The proposed mOTP generator for Android/iOS is now OTP Authenticator
       New QRCode provisioning format for mOTP (compatible with OTP Authenticator)

2017-09-08 5.0.5.0
  FIX: Fixed too much detailed information in the log when trying to detect a token serial number for self-registration

2017-05-16 5.0.4.4
  ENH: VM platform version displayed on the console

2017-05-12 5.0.4.3
  ENH: Web GUI enhanced performance for the hardware device edition

2017-05-10 5.0.4.1
  FIX: A user cannot be created anymore with a leading backslash
  ENH: A replay during 60 seconds of the previous refused password is rejected, but the error counter is not incremented
  ENH: Group names are now always trimmed to avoid blank spaces
  ENH: Additional authentication options parameters for fine tuning

2017-01-26 5.0.3.4
  FIX: Better Eastern European languages support
  ENH: UTC added in the list of time zones
  ENH: Huge AD/LDAP synchronization optimization
  ENH: In the template, the proposed TOTP/HOTP generator for Android/iOS is now FreeOTP Authenticator
  ENH: New "Local admin account" attribute for any user, which allows them to log in as an admin, using their username and their prefix (if any) and OTP password.
  ENH: An invalid login attempt on the console will send an alert to the Admin contact (if defined)
  ENH: Multiple purpose tokens provisioning format PSKCV10, like Gemalto e3050cL and t1050 tokens, is now supported.
  ENH: SOAP service available (compatible with OpenOTP SOAP service)
  ENH: Multiple groups per user can be enabled (not all devices support multiple groups)
  ENH: Using AD/LDAP password instead of PIN code can be overwritten or not for all synchronized users

2016-11-14 5.0.3.0
  FIX: New customized templates were not always used by the system
  ENH: Syslog process improved
  ENH: Log messages better categorized and ordered
  ENH: RC4 removed from available SSL ciphers

2016-11-04 5.0.2.6
  ENH: Performance optimization
  ENH: External packages update

2016-10-16 5.0.2.5
  ENH: Performance optimization

2016-10-03 5.0.2.3
  FIX: SSL connection was not working well due to security upgrade

2016-10-03 5.0.2.2
  FIX: Fix some configuration backup/restore issue
  ENH: Accounts can now be created based on other record than the UserId (like the Mail attribute)
  ENH: Cached requests supported (cached during a specific amount of time, useful for WebDAV authentication)

2016-08-06 5.0.1.5
  FIX: Better enhanced characters support in customized templates
  ENH: Better restore handling from the open source edition
  ENH: A try on the previous password is rejected, but the error counter is not incremented
  ENH: It's now possible to check an account from the dashboard

2016-08-02 5.0.1.4
  FIX: SSL AD/LDAP connection was not always working with Windows 2008R2

2016-07-29 5.0.1.3
  FIX: MS-CHAP and MS-CHAPv2 authentication failed in some specific cases
  FIX: SSL AD/LDAP also supported with Windows 2012 server
  FIX: Generated QRcode for mOTP was not compatible with Token2 app
  FIX: Special AD/LDAP chars support enhanced (as described in RFC4515)
  ENH: Unified configuration backup and restore format for all editions
  ENH: User documents language can be based on the user preferred language (synced with AD/LDAP)
  ENH: Better large AD/LDAP support
  ENH: AD/LDAP additional log information
  ENH: The first matching group defined in AD/LDAP group(s) filtering is now defined for the user (this group is returned as the Filter-Id (11) option in a successful RADIUS answer)

2015-07-18 4.3.2.6
  FIX: Creation of new users using AD/LDAP takes too long if a welcome mail must be sent
  FIX: Message said that added license was not successfully added, even if it was
  ENH: QRcode generation for mOTP (motp://[SITENAME]:[USERNAME]?secret=[SECRET-KEY])

2015-07-15 4.3.2.5
  FIX: scratch password PDF generation doesn't crash anymore when enhanced characters are used
  ENH: multi_account automatic support, based on the description in AD/LDAP
  ENH: Appliance is now available as a VMware appliance with open vm tools
  ENH: Appliance is now available as a Hyper-V appliance

2015-06-09 4.3.2.2
  FIX: an empty user name is now directly refused
  FIX: prefix PIN can contain a minus (-) sign
  ENH: issuer of the software tokens can be customized (default is multiOTP)
  ENH: token length error information added in the log
  ENH: autoresync is now enabled
  ENH: SSL performance improvement
  ENH: multiOTP command line client support added (works with MultiOneTimePassword-CredentialProvider)
  ENH: enhanced information in the log about PDF generation

2014-12-15 4.3.1.1
  FIX: system name can now be modified also on virtual appliance
  ENH: expired accounts in Active Directory are now also synced as disabled
  ENH: better generic LDAP sync of the description of the users
  ENH: better generic LDAP sync of the members of a group
  ENH: expired or disabled accounts in generic LDAP are now also synced as disabled
  ENH: online help integrated in the GUI (partial content)

2014-12-09 4.3.1.0
  FIX: bug fix concerning aspsms provider
  FIX: after some modifications, the GUI was not refreshed correctly
  FIX: OTP with integrated serial numbers better supported
  FIX: Poodlebleed Bug fixed (SSLv3 disabled)
  ENH: AD/LDAP synchronization is quicker and supports bigger trees
  ENH: generic LDAP support (instead of Microsoft AD support only)
  ENH: if users are synced with an AD, it's now possible to use the AD/LDAP password instead of the PIN code
  ENH: provisioning information can be mailed to a single administrator email address
  ENH: GUI partially redesigned
  ENH: Yubico OTP support, including keys import (http://yubico.com/yubikey)
  ENH: scratch password also needs the prefix PIN if it's activated

2014-04-13 4.2.4.2
  FIX: Heartbleed bug patched

2014-04-06 4.2.4.1
  FIX: when a user is deleted, the token(s) attributed to this user is/are unassigned
  FIX: RADIUS operations are back in the log
  ENH: when email is requested, scratch passwords are also sent as an attached file
  ENH: better configuration reset button support

2014-03-27 4.2.3.9
  ENH: template models are available from the GUI

2014-03-13 4.2.3.1
  ENH: special chars in user name are now supported (but still not recommended)

2014-03-13 4.2.3.0
  ENH: automatically created user can receive provisioning email automatically
  ENH: enhanced GUI interface with waiting wheel and status bar
  ENH: customized template also for the provisioning email
  ENH: additional options to configure the email server

2014-03-03 4.2.2.0
  ENH: users creation/activation/deactivation based on AD/LDAP content
  ENH: scheduled configuration backup per FTP or email
  ENH: better customized templates support
  ENH: access to the last 512 entries of the log file

2014-02-07 4.1.2.0
  FIX: backend was already logged off, but frontend was still alive
  FIX: empty token could appear when a hardware token was attributed to a user
  ENH: MS-CHAP and MS-CHAPv2 authentication support
  ENH: enhanced GUI with extended options

2014-01-28 4.1.1.1
  First public pre-release

OTHER PROJECTS USED BY MULTIOTP PRO
===================================

barcode (MIT License)
Kreative Software
https://github.com/kreativekorp/barcode

CryptoJS (BSD New)
This product contains software provided by Jeff Mott.
https://code.google.com/p/crypto-js/

FreeRADIUS (BSD)
This product contains software provided by FreeRADIUS team and its contributors.
http://freeradius.org/

md5 JavaScript 2010 algorithm (BSD)
Joseph Myers, Paul Johnston, Greg Holt, Will Bond
http://www.myersdaily.org/joseph/javascript/md5-text.html

Nginx (BSD)
This product contains software provided by Nginx, Inc. and its contributors.
http://nginx.org/

NuSOAP - PHP Web Services Toolkit (LGPLv2.1)
NuSphere Corporation
http://sourceforge.net/projects/nusoap/

phpseclib (MIT License)
MMVI Jim Wigginton
http://phpseclib.sourceforge.net/

PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY (LGPLv2.1)
Scott Barnett - enhanced by SysCo
http://adldap.sourceforge.net/

Sencha Ext JS (GPLv3)
Sencha Inc.
http://cdn.sencha.com/ext/gpl/4.2.1/

TCPDF (LGPLv3)
Nicola Asuni
https://tcpdf.org/

XML Parser Class (LGPLv3)
Adam A. Flynn - enhanced by SysCo
http://www.criticaldevelopment.net/xml/

XPertMailer package (LGPLv2.1)
Tanase Laurentiu Iulian
http://xpertmailer.sourceforge.net/

The source files of the core of multiOTP can be downloaded at https://download.multiOTP.net/

```
Hash verification for multiotp-pro-5.9.8.0.zip
SHA256:120ee75dcceb732b0e642e995f0db4345a93120187c774b2917b82c7c42e66c8
SHA1:16983e16ae0320ff399ba849b519ce6a10e3cf62
MD5:3e143580fdd9a34d0edefcccd3d4086f
```