Critical Vulnerability for the PG Desktop Client v6.6.0.1
Notification Date: 9/7/2023
Impacted Customers:
Using PG Desktop Client v6.6.0.1 AND
Using DUO Push MFA or BIO-key MobileAuth for MFA
Description:
There is a critical vulnerability specific to the PG Desktop client v6.6.0.1. This vulnerability allows users to bypass Multifactor Authentication when using either DUO Push or BIO-key MobileAuth as the secondary factor.
Remediation:
Impacted customers must contact PortalGuard Technical Support to schedule an upgrade of the PG Desktop client on all workstations to utilize v6.6.0.3.
KB: How To Submit a Technical Support Ticket
Please make particular note if you utilize a silent installation kit to distribute the PG Desktop Client to multiple machines.