Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.
This post provides information on the retirement of the Cyberoam General Authentication Client. The General Authentication Client is a standalone application for Cyberoam identity-based UTM appliances. It authenticates users with Cyberoam integrated with local or external authentication servers.
Applies to the following Cyberoam products and versions Cyberoam General Authentication Client (All versions) Cyberoam UTM appliances
Effective March 31, 2020, Sophos is transitioning the Cyberoam General Authentication Client to the End-of-Life (EOL) phase of its product lifecycle. End-of-Life is the date at which Sophos and Cyberoam will cease providing support for the related product or service including any updates.
Cyberoam General Authentication Client
There is a known local privilege escalation issue that could potentially allow a local attacker on the endpoint to use the authentication client to elevate their privilege and act as the Local System account. Because of this issue, Sophos strongly recommends anyone using the client transition to one of the solutions listed below.
Customers using the Cyberoam General Authentication Client should transition to Captive Portal or Cyberoam Transparent Authentication Suite (CTAS) for desktop devices, or register clientless users.
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.