Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
TChandler
Contributor
Contributor

RSA Authentication Manager 8.6 Security Questions

Jump to solution

According to the release notes of RSA Authentication Manager 8.6 the "RSA Authentication Manager contains the new features and enhancements from RSA Authentication Manager 8.5 Patch 1 through Patch 3... The fixes and enhancements from later version 8.5 patches are available in future version 8.6 patches." 

Does that mean the security fixes for 8.5 patches 4 & 5 are not yet included in the 8.6 release?

 

RSA 8.6 Announcement Page

https://community.rsa.com/t5/securid-access-product/rsa-announces-rsa-authentication-manager-8-6-with-a-new-rsa/ta-p/634987 

RSA 8.5 Patch 5 Vulnerability Advisory Page

https://community.rsa.com/t5/securid-access-product/rsa-2021-14-securid-authentication-manager-security-update-fora-p/633802 

Labels (1)
1 Solution

Accepted Solutions
KevinDouglas
Respected Contributor Respected Contributor
Respected Contributor

Hi TChandler

Yes, you are interpreting correctly.   There is lower level Patch numbers not in 8.6.  This is due to cutoff times, to thoroughly test 8.6.

Usually any thing that didn't make the cut will be in Patch 1

Cheers,

Kevin

View solution in original post

0 Likes
6 Replies
JohnNeset
New Contributor
New Contributor

RSA Product releases are rubbish overall-always late & trashy.

They certainly weren't on top of supporting Windows 10.

We've got some random 1% vanishing Offline Auth cache issues with RSA Agent 7.4.3 & 7.4.4 both that really became abrupt during start of WFH VPN reliance apocalypse. No updates to RSA Agent in near a year & wouldn't be 1st time support swept our Win10 issues under the rug, but suddenly resolved & noted in release notes many versions later.

That and I'm certain there's little to no US support team whatsoever anymore as the replica backup 8.5 base issue (can't manually backup correctly still today) ticket tech & his team that I piggybacked into taking my Offline Auth ticket got laid off. Our rep continually stated the ticket was being transferred over, not so much-India support, not for the win. It's your AV-no way!

0 Likes
KevinDouglas
Respected Contributor Respected Contributor
Respected Contributor

Hi John,

Yikes, rough words to hear about our installs.

Like many companies we've had a lot of change in the last 18 months or so.  We are doing our best and if we've not done right by a case let us know we'll step up our game.

We have US support, I manage the team. ( We do have that support contract ) 

Regarding the case issues, if they are not resolved open a case and drop my name on it.  I can't guarantee it would be out of the US,  but will do my best to have the issue worked to completion.

Here's to hoping you and all on the Community are safe, as we get through this. šŸ™‚

-Kevin

0 Likes
KevinDouglas
Respected Contributor Respected Contributor
Respected Contributor

Hi TChandler

Yes, you are interpreting correctly.   There is lower level Patch numbers not in 8.6.  This is due to cutoff times, to thoroughly test 8.6.

Usually any thing that didn't make the cut will be in Patch 1

Cheers,

Kevin

0 Likes

@KevinDouglas 

In regards to our next update (we're currently on AM 8.5.0.4) it's either update to 8.5.0.5 to make sure we're up-to-date on our security fixes but not have the new features in AM 8.6 or update to 8.6 to get the new features but lose the most recent security fixes.

Do you have an ETA for AM 8.6.0.1, as it sound like from a security perspective, the best update plan would be to go to 8.5.0.5 now and wait for AM 8.6.0.1 to be released.

0 Likes
GaryWood
Occasional Contributor Occasional Contributor
Occasional Contributor

As Kevin has provided 8.5 patches 4 & 5 will be rolled into AM 8.6 Patch 1.   Release date for Patch 1 does not have an official committed release but the target is mid Q4.  

0 Likes

Hi David,

I like the strategy, security first. And it does take a bit more effort.

In managing the Designated Support Program here as much as I enjoy a shiny new feature many customers take that Security first approach.  It's a fine balance isn't it.

I don't have an ETA, but our engineering teams are always working diligently to get the next release out the door.  šŸ™‚

Keep an eye on our Advisories in the Community and we'll let you know.

Thanks,

Kevin

P.S Ha, I see my colleague got in here first.  He types faster or I need less words.!!!  Hope the weekend treats you well.

0 Likes