LoginTC CVE-2024-3094 Impact
April 03, 2024 •
In light of the public disclosure of the compromised xz library packages (CVE-2024-3094), our security team has performed a thorough review of the xz library packages in all LoginTC appliances to determine the CVE-2024-3094 impact on our services.
Does CVE-2024-3094 impact LoginTC?
No, CVE-2024-3094 does not impact LoginTC Cloud services.
Are the LoginTC appliances affected? Do I need to update LoginTC appliances running on my premises?
No, LoginTC appliances are not affected. This includes:
- LoginTC RADIUS Connector 4.x.x
- LoginTC RADIUS Connector 3.x.x
- LoginTC Managed 2.x.x
- LoginTC Managed 1.x.x
Furthermore, newer versions of LoginTC appliances (LoginTC RADIUS Connector 4.x.x) have SSH access disabled by default to minimize the potential attack surface for vulnerabilities.
Are the LoginTC connectors affected?
No, other LoginTC connectors and software do not include any xz library packages and are not affected.
If you are currently running the LoginTC RADIUS Connector 3.x.x, we strongly recommend you upgrade to LoginTC RADIUS Connector 4.x.x before the June 30, 2024 end-of-life date. See the LoginTC RADIUS Connector Upgrade Guide for instructions.
If you have any questions about our security review, don’t hesitate to reach out by phone at 1-877-564-4682 or email at support@cyphercor.com.