In version 4.83.4 of E/RPM, attempting to access the ERPM website while in new PIN mode fails to set the RSA PIN. While in new PIN mode, the new PIN prompt is given at the E/RPM website logon prompt, but after setting the PIN, the new PIN prompt dialogue is brought back again and the new PIN never appears to be set. Also within the RSA authentication server, no attempt to set the PIN is logged.
Two .asp pages used within the E/RPM website contain incorrect statements.
A few simple edits to two .asp pages used by the E/RPM website.
Edit the following two .asp pages (edits are highlighted in red) both of which can be found in the installation directory of the web server upon which the website is installed, typically inetpub\wwwroot\PWCWeb:
LoginRSA.asp change line 172
"SetCommand( 'Set PIN' )",
"SetCommand( 'NewPin' )",
ProcessLoginCommand.asp change line 287
Set oRSAComObject = CreateObject("LIEBSOFTRSASECUR.LiebSoftRSASecurCtrl.1")
Set oRSAComObject = Server.CreateObject("LIEBSOFTRSASECUR.LiebSoftRSASecurCtrl.1")
ProcessLoginCommand.asp change line 305
After editing these two pages, make the same page edits to these same named pages in the WebInterface directory located in the ERPM installation directory of the admin console, typically \Program Files (x86)\Lieberman\Roulette. Files used by the website are copied from this location when installing the website. This will prevent the newly edited web pages from being overwritten with the incorrect statements if you reinstall the website.
This issue will be corrected in the version following version 4.83.4.
Enterprise Random Password Manager (ERPM) 4.83.4
Random Password Manager (RPM) 4.83.4