Upgraded from 5.6.0 to 5.6.8 for the AD integration.

Issue: Anyone logged onto server, can access VC.

1) Enabled AD in VC server settings
2) Added two AD users
3) Validated I can log in as AD user
4) Logged onto to local server as AD user with local admin privs who is a not a VC user
5) Opened VC and recieved incorrent user name/pswd error
6) Changed user name to a permitted AD user, left password blank and was able to log in!! VC shows admin is logged in.
7) Disabled VC admin user and restarted service. Issue remains.

Issue: Any remote user can access VC without password.

User B has admin privs on Server 1 but not server 2. User B has no VC privs on either server.
User A is local admin on Server 1 & 2 and has AD VC privs on Server 2

1) User B connects from Server 1 VC client to Server 2.
2) User B gets invalid login.
3) User B sets login to be local user
4) User B replaces connection username with User A (no password)
5) User B successfully connected to VC server on Server 2.

Anyone who knows where I have VC installed and knows an AD username with VC privs, can now access my VC installs?

Thanks for your report Mike. We edited the message while we are investigating this. We will get back to you soon after some tests.

---

Hi Mike,

please uninstall current version and test this attached version.

---

That seems to have addressed the issue

Thank you for your report Mike. We will probably have an official update anytime soon. However, there are only these changes in this version:

[BUGFIX] API/Server/ClientI: Fixed a license problem (maintenance expired)
[BUGFIX] Client/Server: Fixed a security issue with Active Directory logon method

---