multiOTP Pro ============ multiOTP Pro is a strong two-factor authentication device multiOTP Pro is OATH certified for HOTP/TOTP (c) 2010-2022 SysCo systemes de communication sa https://www.multiOTP.com/ Current build: 5.9.0.0 (2022-05-18) Table of contents * What's new in this release * Wishlist for future releases * Change Log of released versions WHAT'S NEW IN THIS 5.9.x RELEASE ================================ - New Hyper-V and OVA appliances available (version 011, based on Debian 11) - {MultiotpUserAccount} tag support added in Email template RASPBERRY PI DISTRIBUTION ========================= Please note that an optimized Raspberry Pi binary image is available for any multiOTP Enterprise appliance customer. CHANGE LOG OF RELEASED VERSIONS =============================== 2022-05-18 5.9.0.0 FIX: User account containing special ISO characters are now also converted to UTF ENH: New Hyper-V and OVA appliances available (version 011, based on Debian 11) ENH: {MultiotpUserAccount} tag support added in Email template 2022-04-28 5.8.7.0 ENH: Enhanced log information for refused connection ENH: Code cleaning to support next appliance release 2022-04-14 5.8.6.1 FIX: Token "Without2FA" where not working all time with LDAP users ENH: Telnyx SMS provider support ENH: AD/LDAP synced user with "Without2FA" token don't need any licence ENH: Email token is now supported for multiOTP Credential Provider ENH: multiOTP Credential Provider: if username doesn't exist, the domain name is shortened step by step 2022-02-10 5.8.5.5 FIX: Upgrade process issue 2022-01-20 5.8.5.2 FIX: Device defined with 0.0.0.0/0 is now supported for multiOTP Credential Provider connection FIX: Better mail server compatibility 2022-01-14 5.8.5.1 ENH: Enhanced multiOTP Credential Provider support 2021-11-18 5.8.3.2 ENH: Enhanced multiOTP Credential Provider support 2021-09-14 5.8.3.0 ENH: New OVA file with full VM distribution ENH: Removed multicast support on the network card 2021-08-19 5.8.2.9 ENH: Added compatibility with new multiOTP Credential Provider (5.8.2 and further) ENH: Additional log messages 2021-04-08 5.8.2.1 ENH: eDirectory LDAP server support 2021-03-25 5.8.1.9 FIX: Cookie privacy (httponly and secure) backported to previous virtual appliances ENH: Weak SSL ciphers disabled 2021-03-21 5.8.1.2 ENH: Up to 7 days log entries available in the embedded log viewer ENH: Storage free space information on dashboard 2021-03-14 5.8.1.1 FIX: In some cases, the HOTP/TOTP was not well computed 2021-02-12 5.8.1.0 FIX: Better unicode handling ENH: Flexible licence support with demo licences 2020-09-20 5.8.0.2 ENH: New Sync Delete Retention Days option in order to purge inexistent AD/LDAP users (default retention value : 30 days) 2020-08-31 5.8.0.0 FIX: Clean automatically the log before the last 100 days FIX: Too many ReadConfigData loop during initialization FIX: Backend configuration access optimized FIX: Better unicode handling ENH: Cookies with HTTPOnly and Secure flag ENH: Raspberry Pi 4B support ENH: Smaller size for binary firmware files ENH: Better custom Fortinet / ZyXEL support 2019-10-23 5.6.1.4 FIX: Configuration storage handling ENH: Generic web based SMS provider support 2019-10-22 5.6.1.3 ENH: Out of sync detection with specific error message ENH: New 64 bits OVA file with full VM distribution ENH: Enhanced custom SMS providers support 2019-07-17 5.5.0.1 FIX: Devices submask calculation error 2019-03-25 5.4.1.8 ENH: Enhanced error messages, more log information ENH: New QRcode library ENH: Added specific vendor device expert setup 2019-01-18 5.4.1.6 FIX: Update process for previous VM distribution 2019-01-18 5.4.1.4 FIX: Better IP address change handling ENH: If any, clean specific NTP DHCP option at every reboot 2019-01-07 5.4.1.1 FIX: Fix some without2FA algorithm issues FIX: Fix some RADIUS challenge/response issues ENH: Additional web based SMS providers support (Swisscom LA REST, Afilnet, Clickatell2, eCall, Nexmo, NowSMS, SMSEagle) ENH: New binary images available (version 008) for Virtual Appliances ENH: Better information on the dashboard 2018-08-22 5.3.0.1 FIX: Additional information and refresh rate in the CLI console ENH: Multiple semicolon separated "Users DN" now supported for AD/LDAP synchronization 2018-07-16 5.2.0.2 ENH: Active Directory nested groups support (user1 in groupA, groupA in groupB, setting the OTP groups to "groupB" will add user1) ENH: Enhanced AD/LDAP support for huge Microsoft Active Directory (much faster) ENH: "Base DN" and "Users DN" are now two different parameters ("Users DN" is optional) 2018-01-03 5.1.0.1 FIX: A user is sometime created automatically (AD/LDAP sync) with a leading backslash ENH: Algorithm selection for automatic AD/LDAP creation ENH: Expired AD/LDAP password support ENH: multiOTP Credential Provider (for Windows) improvements (login@domain.name UPN support, default domain name supported and displayed, SMS request link) 2017-10-24 5.0.5.4 FIX: Depending of the configuration and the AD/LDAP cache feature, empty prefix AD/LDAP password may be accepted 2017-09-29 5.0.5.3 ENH: The proposed mOTP generator for Android/iOS is now OTP Authenticator New QRCode provisioning format for mOTP (compatible with OTP Authenticator) 2017-09-08 5.0.5.0 FIX: Fixed too much detailed information in the log when trying to detect a token serial number for self-registration 2017-05-16 5.0.4.4 ENH: VM plateform version displayed on the console 2017-05-12 5.0.4.3 ENH: Web GUI enhanced performance for the hardware device edition 2017-05-10 5.0.4.1 FIX: A user cannot be created anymore with a leading backslash ENH: A replay during 60 seconds of the previous refused password is rejected, but the error counter is not incremented ENH: Group names are now always trimed to avoid blank spaces ENH: Additional authentication options parameters for fine tuning 2017-01-26 5.0.3.4 FIX: Better Eastern European languages support ENH: UTC added in the list of time zones ENH: Huge AD/LDAP synchronization optimization ENH: In the template, the proposed TOTP/HOTP generator for Android/iOS is now FreeOTP Authenticator ENH: New "Local admin account" attribute for any user, which allows to log-in as an admin, using their username and their prefix (if any) and OTP password. ENH: An invalid login attempt on the console will sent an alert to the Admin contact (if defined) ENH: Multiple purpose tokens provisioning format PSKCV10, like Gemalto e3050cL and t1050 tokens, is now supported. ENH: SOAP service available (compatible with OpenOTP SOAP service) ENH: Multiple groups per user can be enabled (not all devices support multiple groups) ENH: Using AD/LDAP password instead of PIN code can be overwritten or not for all synchronized users 2016-11-14 5.0.3.0 FIX: New customized templates were not always used by the system ENH: Syslog process improved ENH: Log messages better categorized and ordered ENH: RC4 removed from available SSL ciphers 2016-11-04 5.0.2.6 ENH: Performance optimization ENH: External packages update 2016-10-16 5.0.2.5 ENH: Performance optimization 2016-10-03 5.0.2.3 FIX: SSL connection was not working well due to security upgrade 2016-10-03 5.0.2.2 FIX: Fix some configuration backup/restore issue ENH: Accounts can now be created based on other record than the UserId (like the Mail attribute) ENH: Cached requests supported (cached during a specific amount of time, useful for WebDAV authentication) 2016-08-06 5.0.1.5 FIX: Better enhanced characters support in customized templates ENH: Better restore handling from the open source edition ENH: A try on the previous password is rejected, but the error counter is not incremented ENH: It's now possible to check an account from the dashboard 2016-08-02 5.0.1.4 FIX: SSL AD/LDAP connection was not always working with Windows 2008R2 2016-07-29 5.0.1.3 FIX: MS-CHAP and MS-CHAPv2 authentication failed in some specific cases FIX: SSL AD/LDAP also supported with Windows 2012 server FIX: Generated QRcode for mOTP was not compatible with Token2 app FIX: Special AD/LDAP chars support enhanced (as described in RFC4515) ENH: Unified configuration backup and restore format for all editions ENH: User documents language can be based on the user preferred language (synced with AD/LDAP) ENH: Better large AD/LDAP support ENH: AD/LDAP additional log information ENH: The first matching group defined in AD/LDAP group(s) filtering is now defined for the user (this group is returned as the Filter-Id (11) option in a successful RADIUS answer) 2015-07-18 4.3.2.6 FIX: Creation of new users using AD/LDAP take too long if a welcome mail must be sent FIX: Message said that added license was not successfully added, even if it was ENH: QRcode generation for mOTP (motp://[SITENAME]:[USERNAME]?secret=[SECRET-KEY]) 2015-07-15 4.3.2.5 FIX: scratch password PDF generation don't crash anymore when enhanced characters are used ENH: multi_account automatic support, based on the description in AD/LDAP ENH: Appliance is now available as a VMware appliance with open vm tools ENH: Appliance is now available as an Hyper-V appliance 2015-06-09 4.3.2.2 FIX: an empty user name is now directly refused FIX: prefix PIN can contain a minus (-) sign ENH: issuer of the software tokens can be customized (default is multiOTP) ENH: token length error information added in the log ENH: autoresync is now enabled ENH: SSL performance improvement ENH: multiOTP command line client support added (works with MultiOneTimePassword-CredentialProvider) ENH: enhanced information in the log about PDF generation 2014-12-15 4.3.1.1 FIX: system name can now be modified also on virtual appliance ENH: expired accounts in Active Directory are now also synced as disabled ENH: better generic LDAP sync of the description of the users ENH: better generic LDAP sync of the members of a group ENH: expired or disabled accounts in generic LDAP are now also synced as disabled ENH: online help integrated in the GUI (partial content) 2014-12-09 4.3.1.0 FIX: bug fix concerning aspsms provider FIX: after some modifications, the GUI was not refreshed correctly FIX: OTP with integrated serial numbers better supported FIX: Poodlebleed Bug fixed (SSLv3 disabled) ENH: AD/LDAP synchronization is quicker and supports bigger trees ENH: generic LDAP support (instead of Microsoft AD support only) ENH: if users are synced with an AD, it's now possible to use the AD/LDAP password instead of the PIN code ENH: provisioning information can be mailed to a single administrator email address ENH: GUI partially redesigned ENH: Yubico OTP support, including keys import (http://yubico.com/yubikey) ENH: scratch password need also the prefix PIN if it's activated 2014-04-13 4.2.4.2 FIX: Heartbleed bug patched 2014-04-06 4.2.4.1 FIX: when a user is deleted, the token(s) attributed to this user is/are unassigned FIX: radius operation are back in the log ENH: when email is requested, scratch passwords are also sent as an attached file ENH: better configuration reset button support 2014-03-27 4.2.3.9 ENH: template models are available from the GUI 2014-03-13 4.2.3.1 ENH: special chars in user name are now supported (but still not recommended) 2014-03-13 4.2.3.0 ENH: automatically created user can receive provisioning email automatically ENH: enhanced GUI interface with waiting wheel and status bar ENH: customized template also for the provisioning email ENH: additional options to configure the email server 2014-03-03 4.2.2.0 ENH: users creation/activation/desactivation based on AD/LDAP content ENH: scheduled configuration backup per FTP or email ENH: better customized templates support ENH: access to the last 512 entries of the log file 2014-02-07 4.1.2.0 FIX: backend was already logged off, but frontend was still alive FIX: empty token could appears when a hardware token was attributed to a user ENH: MS-CHAP and MS-CHAPv2 authentication support ENH: enhanced GUI with extended options 2014-01-28 4.1.1.1 First public pre-release OTHER PROJECTS USED BY MULTIOTP PRO =================================== barcode (MIT License) Kreative Software https://github.com/kreativekorp/barcode CryptoJS (BSD New) This product contains software provided by Jeff Mott. https://code.google.com/p/crypto-js/ FreeRADIUS (BSD) This product contains software provided by FreeRADIUS team and its contributors. http://freeradius.org/ md5 JavaScript 2010 algorithm (BSD) Joseph Myers, Paul Johnston, Greg Holt, Will Bond http://www.myersdaily.org/joseph/javascript/md5-text.html Nginx (BSD) This product contains software provided by Nginx, Inc. and its contributors. http://nginx.org/ NuSOAP - PHP Web Services Toolkit (LGPLv2.1) NuSphere Corporation http://sourceforge.net/projects/nusoap/ phpseclib (MIT License) MMVI Jim Wigginton http://phpseclib.sourceforge.net/ PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY (LGPLv2.1) Scott Barnett - enhanced by SysCo http://adldap.sourceforge.net/ Sencha Ext JS (GPLv3) Sencha Inc. http://cdn.sencha.com/ext/gpl/4.2.1/ TCPDF (LGPLv3) Nicola Asuni https://tcpdf.org/ XML Parser Class (LGPLv3) Adam A. Flynn - enhanced by SysCo http://www.criticaldevelopment.net/xml/ XPertMailer package (LGPLv2.1) Tanase Laurentiu Iulian http://xpertmailer.sourceforge.net/ The source files of the core of multiOTP can be downloaded at https://download.multiOTP.net/ ``` Hash verification for multiotp-pro-5.9.0.0.zip SHA256:b4b08d0ac5659d8bd31a7b9d6800efa49a3ff0e2ea823a263cd96893b921aebb SHA1:55c3cd631dcf93a1493bd4ed568c9f1a91e9fd10 MD5:95b6369fa42786e13e520353e90f48e2 ```