Critical Vulnerability for the PG Desktop Client v6.6.0.1

Notification Date: 9/7/2023

Impacted Customers:

• Using PG Desktop Client v6.6.0.1 AND
  Using DUO Push MFA or BIO-key MobileAuth for MFA

Description:

There is a critical vulnerability specific to the PG Desktop client v6.6.0.1.  This vulnerability allows users to bypass Multifactor Authentication when using either DUO Push or BIO-key MobileAuth as the secondary factor.

Remediation:

Impacted customers must contact PortalGuard Technical Support to schedule an upgrade of the PG Desktop client on all workstations to utilize v6.6.0.3.

• KB: How To Submit a Technical Support Ticket

  • Please make particular note if you utilize a silent installation kit to distribute the PG Desktop Client to multiple machines.