Update
Qiata Version 3.11.0 available
Now with 2-factor authentication
Most users know that passwords are very important nowadays, but many still neglect to take the necessary care. They store their passwords incorrectly and in many cases do not choose the necessary complexity. This makes it particularly easy for cyber criminals. To reduce the risk, there are several methods available today. One of them is two-factor authentication. Instead of a single password, users must enter another authentication feature to complete authentication. This second factor ensures that the login attempt is really made by the user. Such a second factor can be the cell phone, for example. In case of doubt, physical access to the cell phone should only be possible for the specific user. Especially when transferring security-critical files, as is the case with Qiata, appropriate security is important.
Therefore, users have the possibility with Qiata version 3.11.0 to additionally secure their account with a one-time password. One-time passwords (OTP's) extend the authentication of users by a second factor and thus request an additional authentication feature for the exact identification of the corresponding user. Qiata uses so-called time-based one-time passwords for this purpose, i.e. one-time passwords that are limited in time. Each one-time password is only valid for a single use and cannot be used a second time. Accordingly, each authentication requires a new one-time password.
Since TOTP's are standardized and widely used, there are many mobile clients and solutions for generating and connecting them. We recommend using TOTP applications such as: Microsoft Authenticator, Google Authenticator, Authy or the LastPass Authenticator.
Qiata Changes
- Added One-Time Password (TOTP) feature
- Updated to ClamAV version 0.104.2
- Completely removed jQuery from templates
- Fixed a problem where link based logins failed when user authenticates against LDAP
- Fixed a problem where password reset asked for old password
DOMOS Changes
- Updated kernel version, fixed several issues: CVE-2020-36385, CVE-2021-3656, CVE-2021-3653 and more
- openssh: used ciphers and algorithms updated
- openssh, openssl and sudo updated
- updates of other packages
- DOMOS WebUI: update webserver