Unplanned Outage: Due to a technical glitch, customers might see higher wait times on Sophos Call Lines. We request for your kind cooperation. Please prefer logging a case via Sophos Support Portal, unless the situation is critical for you.

Overview

This post provides information on the retirement of the Cyberoam General Authentication Client. The General Authentication Client is a standalone application for Cyberoam identity-based UTM appliances. It authenticates users with Cyberoam integrated with local or external authentication servers.

Applies to the following Cyberoam products and versions
Cyberoam General Authentication Client (All versions)
Cyberoam UTM appliances

Announcement

Effective March 31, 2020, Sophos is transitioning the Cyberoam General Authentication Client to the End-of-Life (EOL) phase of its product lifecycle. End-of-Life is the date at which Sophos and Cyberoam will cease providing support for the related product or service including any updates.

Milestones

Client

End-of-Life (EOL)

Cyberoam General Authentication Client

31-MAR-2020

Known Issues 

There is a known local privilege escalation issue that could potentially allow a local attacker on the endpoint to use the authentication client to elevate their privilege and act as the Local System account. Because of this issue, Sophos strongly recommends anyone using the client transition to one of the solutions listed below. 

Migration Path

Customers using the Cyberoam General Authentication Client should transition to Captive Portal or Cyberoam Transparent Authentication Suite (CTAS) for desktop devices, or register clientless users.

Related information

Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.

Feedback and contact

If you've spotted an error or would like to provide feedback on this blog post, please use the section below. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Anonymous