multiOTP open source 5.8.1.9

• FIX: Cookie privacy (httponly and secure) backported to previous virtual appliances
• ENH: Cookie privacy (httponly and secure) are now handled in the application directly
• ENH: Weak SSL ciphers disabled
• ENH: Better Docker support
• ENH: Better log handling

Hash verification for multiotp_5.8.1.9.zip 
SHA256:f07fdc9420a2700f5f3627a4f6e8e50fca64ae485214a2fa25ba7a5e738b2fd1 
SHA1:87159d78fb582b20f8d796bd7549e1ba78232fbf 
MD5:3b7d16b66ceb83be0c5800c74ac2a7bc 

multiOTP open source 5.8.1.1

• FIX: In some cases, the HOTP/TOTP was not well computed
• FIX: Too many ReadConfigData loop during initialization
• FIX: Better unicode handling, multibyte fonctions also for mb_substr()
• FIX: A device file was searched with the name of the FreeRADIUS Client-Shortname
• ENH: Enhanced Web GUI accounts list (green=AD/LDAP synced, orange = delayed, red=locked)
• ENH: -sync-delete-retention-days= option is set by default to 30 days
• ENH: VM version 010 support (Debian Buster 10.5, PHP 7.3, FreeRADIUS 3.0.17)
• ENH: MySQL optimization
• ENH: Enhanced windows command line scripts (automatic administrator level)
• ENH: New -sync-delete-retention-days= option in order to purge inexistent AD/LDAP users (SetSyncDeleteRetentionDays and GetSyncDeleteRetentionDays method)
• ENH: Raspberry Pi 4B support
• ENH: New unified distribution
• ENH: Debian Buster 10.5 support
• ENH: Enhanced PHP 7.3 support
• ENH: Better mysqli support for alternate connection port

Hash verification for multiotp_5.8.1.1.zip 
SHA256:9cd03e212323964cd8c9fc2a132a01792d9cc5186c02125d0f06aef957801711 
SHA1:f45b31f5cd7fe596ff7ff8090316b1fbbd611016 
MD5:5d0b90c902edc5f21df5e528001835b3 

multiOTP open source 5.6.1.5

• FIX: Separated configuration/statistics storage handling
• FIX: IsTemporaryBadServer function (thanks to brownowski on GitHub)
• ENH: Better PHP 7.3 support
• ENH: Base32 encoder/decoder new implementation
• ENH: During WriteConfigData, loop on the current values, and check with the old values
• ENH: Enhanced internal tests
• ENH: Give an info if time based token is probably out of sync (in a window 10 time bigger, for example for hardware tokens not used for a long time)
• ENH: Modifications for Debian 10.x (buster) binary images support (64 bits)
• ENH: Enhanced error messages, more log information
• ENH: In debug mode, display an error if logfile cannot be written
• ENH: Global Access-Challenge support
• ENH: New QRcode library used (without external files dependency)
• ENH: New Raspberry images support for Raspberry Pi 1B/1B+/2B/3B/3B+

Hash verification for multiotp_5.6.1.5.zip 
SHA256:9087aab3ac87a8eb31abea435b23108aaa436022e6329011d10a11c2659f8971 
SHA1:6993c5c93bf39e73b9ae529c43fb6b3156c300ec 
MD5:cf9e48e8ff30844a220f8c258440e404 

multiOTP open source 5.4.1.6

• FIX: If any, clean specific NTP DHCP option at every reboot
• ENH: Modifications for Debian 9.x (stretch) binary images support
• ENH: Raspberry Pi 3B+ support
• ENH: Import of PSKC definition files with binary decoding key file
• ENH: Added Swisscom LA REST, Afilnet, Clickatell2, eCall, Nexmo, NowSMS, SMSEagle and custom SMS provider support

Hash verification for multiotp_5.4.1.6.zip 
SHA256:5775693d16a525213b310dd6a570a897d9af7a073a0e995e8baeed34b589e8e9 
SHA1:04a6dccb6b0026dfae31237e6ccdfb7ae87e75ba 
MD5:a8210015c46029755c3fdfd603a03432 

multiOTP open source 5.4.0.1

• FIX: Values of SetUserCacheLevel(), GetUserCacheLevel(), SetUserCacheLifetime() and GetUserCacheLifetime() are not correctly initialized
• Enigma Virtual Box updated to version 9.10 (to create the special all-in-one-file)
• PHP 7.1.22 used in the one single file (only PHP < 7.2 is still compatible with Windows 7/2008)
• Compatibility mode to Windows 7 automatically added for radiusd.exe during radius service installation
• PHP display error flag is now set to off by default in the webservice under Windows

Hash verification for multiotp_5.4.0.1.zip 
SHA256:6fda7fe29953149cc5d8d47ee2fa40cdd339f36c117b063e704a56edb4766662 
SHA1:ec866b1cdb66c719538dfe2ef9977d9c98f00aa1 
MD5:1de9c65eba99c41c9de712e3e8b59d3c 

multiOTP open source 5.3.0.3

• FIX: Better without2FA algorithm support
• FIX: Restore configuration has been fixed in the command line edition
• ENH: Cache-level and cache-lifetime can be set separately for each user
• ENH: In client/server mode, only unencrypted user attributes are sent back to a successful client request
• ENH: Enhanced monitoring
• ENH: Monitoring fields added (create_host, create_time, last_update_host)

Hash verification for multiotp_5.3.0.3.zip 
SHA256:c5d4eddb8de45b18b753f72e6879dd7007b48c2d739db3471e4f3c8ac0d4697b 
SHA1:905b804418aa4decd2e4357493aa867248223359 
MD5:338f73d3987660b92fda63b52d45949a 

multiOTP open source 5.3.0.0

• FIX: stream_timeout is no more pushed to 20 seconds in PostHttpDataXmlRequest if we are in Credential Provider mode
• FIX: RemoveTokenFromUser() method corrected. Token administrative information corrected, new software token created for the user
• ENH: Multiple semicolon separated "Users DN" supported for AD/LDAP synchronization
• ENH: Additional debug messages for disabled users during synchronization
• ENH: Enigma Virtual Box updated to version 9.00 (to create the special all-in-one-file)
• ENH: PHP 7.2.8 used in the one single file
• ENH: without2FA algorithm now available (useful to do 2FA only for some accounts and not for others)

Hash verification for multiotp_5.3.0.0.zip 
SHA256:6417b6cde5c53fb43dc89dc9880ca27e155bf68c10834d531baa589b2b031ed7 
SHA1:b7f29e9191e0b91a00912f9cc2149931a024cc78 
MD5:3cef7c63ec572d654a0d8f295a6c120f 

multiOTP open source 5.2.0.2

• ENH: Enhanced AD/LDAP support for huge Microsoft Active Directory
• ENH: Base DN and Users DN are now two different parameters (Users DN optional)

Hash verification for multiotp_5.2.0.2.zip 
SHA256:e939c1b5e0310cf1c6596602a72b99e276b648c007f3689cb6228b18ff551993 
SHA1:a151fb2c99fcced7ec9d01fcfbbbb7c3347dbf14 
MD5:6fc8240d72fc588a01f912720b7d0771 

multiOTP open source 5.1.1.2

• FIX: typo in the source code of the command line option for ldap-pwd and prefix-pin
• ENH: Dockerfile available
• FIX: Enigma Virtual Box updated to version 8.10 (to create the special all-in-one-file)
• FIX: [Receive an OTP by SMS] link is now fixed for Windows 10
• ENH: Credential Provider registry entries are now always used when calling multiOTP.exe
• FIX: To avoid virus false positive alert, multiOTP.exe is NO more packaged in one single file using Enigma, a php folder is now included in the multiOTP folder
• FIX: multiOTPOptions registry entry is now useless
• ENH: Credential Provider registry entries are used if available

Hash verification for multiotp_5.1.1.2.zip 
SHA256:d8d5011048b94b6e38f5600f56e18d4e3acba82685238e00b4fc2a333177f53a 
SHA1:baf1cbddffca1ebdab247ab22724479e75743c56 
MD5:e4923735c1f11b226b4532bb5fe7567d 

multiOTP open source 5.1.0.3

• Expired AD/LDAP password support
• multiOTP Credential Provider (for Windows) improvements ([email protected] UPN support, default domain name supported and displayed, SMS request link)
• "force_no_prefix_pin" option for devices (for example if the device is a computer with multiOTP credential Provider and AD/LDAP synced password)
• Better unicode handling, multibyte fonctions used when needed (mb_strtolower(), ...)
• Better FreeRADIUS 3.x documentation
• New radius tag prefix configuration option
• New multiple groups device option
• Some notice corrections (if the array element doesn't exist)
• A user cannot be created with a leading backslash (fixed in FastCreateUser and CreateUserFromToken)
• The proposed mOTP generator for Android/iOS is now OTP Authenticator
• New QRCode provisioning format for mOTP (compatible with OTP Authenticator)
• NirSoft nircmd.exe tool removed from the distribution (false virus detection)
• Multiple URLs separator for client/server config is still ";", but [space] and "," are accepted
• New developer mode for some specific detailed logs during development process only
• New methods: SetLdapTlsReqcert, GetLdapTlsReqcert, SetLdapTlsCipherSuite, GetLdapTlsCipherSuite to change config parameters, instead of hard coded parameters (for SSL/TLS LDAP connection)
• Fixed too much detailed information in the log when trying to detect a token serial number for self-registration
• Fixed SSL/TLS LDAP failed connection for PHP 7.x (GnuTLS TLS1.2 restriction removed for PHP 7.x)
• Fixed a typo in the ReadCacheData method for PostgreSQL support (thanks Frank for the feedback)
• Fixed default folder detection for the multiotp.exe file
• Important, under Linux, the config, devices, groups, tokens and users folders are now always located in /etc/multiotp/. Please be sure to make the move when you are upgrading
• Cleaned some ugly PHP warnings when the backend is not initialized

Hash verification for multiotp_5.1.0.3.zip 
SHA256:0bba5cdea1d6319152600908969febd962d4968ce9e140bfd9f372d9e8afa74a 
SHA1:f62940e752b534450e32fd01cc19e9d0b27838c8 
MD5:50c453a9ae2827ff0777d7d79747f39e