System Updates

Alerts & FAQ

Important updates and frequently asked questions for Mideye administrators

Security patching / planned re-start of Mideye primary switch on Thursday 2025-03-20

March 14, 2025

Mideye primary switch will be updated and restarted on Thursday 2025-03-20 between 10:00 and 14:00 UTC. No service downtime is expected, but the primary switch will be unavailable for approximately 3 minutes, during which servers will fail over to the secondary switch. Due to security protocol upgrade, installations still running Mideye server versions below 4.7.2 will remain connected to the secondary switch until upgraded.

Mideye - NPS RADIUS stops working after KB5040437 update

October 02, 2024

This affects customers using MS-CHAPv2 (not PAP). After the KB5040437 security upgrade, the RADIUS communication between MS NPS and Mideye stops working for older versions of the Mideye server (releases up to and including 6.4.2). The problem was initially addressed in Mideye server releases 6.4.3 and 6.4.4. An additional fix to also handle the RADIUS challenge-response dialog is introduced in 6.4.5. Customers are recommended to postpone deployment of KB5040437 in the NPS until the Mideye server has been updated to 6.4.5.

Mideye - NPS RADIUS stops working after KB5040437

August 30, 2024

This affects customers using MS-CHAPv2 (not PAP). After the KB5040437 security upgrade, the RADIUS communication between MS NPS and Mideye stops working for older versions of the Mideye server (releases up to and including 6.4.2). The problem was initially addressed in Mideye server 6.4.3, but a complete fix is available in Mideye server 6.4.4. Until the Mideye server has been upgraded to version 6.4.4, customers are recommended to postpone deployment of KB5040437 in the NPS.

Update Telenor Sweden SMS problems

January 23, 2023

Telenor still seems to have some consequential problems with the SMS-service affecting some users. For users that experience login problems due to SMS delays, we recommend the following:

• A phone re-start (power off – power on).
• Try activation of Mideye+: Instructions
• In the phone settings -> Internet settings -> operator settings: try to change the preference between GSM/3G/4G/5G networks, as the problem seems to be related to which network generation the phone is using.

Updated 2023-02-15 10:00

Telenor report that approximately 5% of text messages sent to users of Telenor Sweden’s network between 10:45-20:36 CET during the incident 2023-01-20 were delivered to a different number than intended. For more information about the incident, see https://telenor.se/felskickade-sms

During the incident, SMS-OTPs were not delivered within our required time window, but Mideye+ activations were in some cases successful (Mideye+ activation allows for SMS delays up to 5 minutes). For security reasons, Mideye+ apps that were activated during the incident have been revoked, and affected users have been informed.

Update Telenor Sweden SMS problems

January 20, 2023

Since 12:12 CET today, Telenor Sweden has general SMS problems, affecting SMS-OTP deliveries and Mideye+ activations. The problem has been reported to the operator and is currently being investigated.

Apache Log4j CVE-2022-23307 vulnerability

January 31, 2022

The vulnerability affects Log4j 1.2.x using the Chainsaw component. Mideye server R4.7.2 uses Log4j 1.2.17, but Chainsaw is not enabled by default and cannot be enabled via the Mideye Configuration Tool. Customers are strongly advised not to enable and use Chainsaw on the Mideye server platform. Also, customers still running Mideye R4 are recommended to upgrade to the latest Mideye server release (R5.6.4 at the time of this alert).

Apache Log4j CVE-2021-44228 vulnerability

December 16, 2021

• Mideye Server 4 releases use Log4j 1.x, not the 2.x version that has the vulnerability. The latest Mideye R4 version (4.7.2) has been tested with malicious code insertion, and we have not been able to detect any vulnerability.

• Mideye Server 5 releases use Logback per default, which is unrelated to log4j 2.x and does not share its vulnerabilities (http://logback.qos.ch/). In R5.6.3, all Log4j2 dependencies are removed from classpaths. This blocks the possibility to manually modify the installation package and enable Log4j instead of the default logging framework (Logback).

• MobileID server (any release) is based on C language code, not Java, and per default Java and Log4j is not installed on MobileID platforms. We have tested MobileID with malicious code inserts that reveal Log4j vulnerabilities, but have not been able to detect any anomalies.

• Mideye central and internal systems are undergoing review, so far no vulnerability has been revealed.

SMS disturbance +31/KPN Netherlands (Closed)

February 04, 2021

Multiple subscribers with KPN Netherlands subscriptions were not able to receive SMS, affecting login with SMS-OTP. Issue resolved from around 13:00 CET.

SMS disturbance +47/Norway (Closed)

January 13, 2021

From 12:44, there was an SMS delivery disturbance affecting +47/Telenor Norway subscribers. 13:56, Telenor reported that the issue was resolved. To mitigate the problem, starting 13:08 all OTPs to +47 numbers were delivered as inbox-SMS instead of the usual flash/pop-up. From 14:13, +47 traffic is back to flash/pop-up again as default.

Disturbance Mideye+ (Closed)

December 01, 2020

During the morning, there have been disturbances in the central system, affecting many users that have activated the Mideye+ app. Affected users have experienced problems with Touch Accept / data push, receiving OTPs as failover SMS instead. The issue should be resolved from 08:26, incident analysis is ongoing.

Network disturbance +46/Sweden Telia (Closed)

November 17, 2020

From 2020-11-16 in the morning, many Telia Sweden mobiles lost network contact and require a phone re-start (power off/power on) in order to be reachable for voice and SMS.

Flash/pop-up SMS presented as inbox SMS in iOS 14

October 14, 2020

With iPhone iOS 14, flash/pop-up text messages are presented as ordinary inbox messages when the screen is locked. Users that are used to receiving flash/pop-up SMS-OTPs also when the screen is locked will notice a change when updating to iOS 14. This is a built-in behaviour in iOS and we are currently not aware of any workaround.

SMS disturbance in +46/Sweden 2020-09-01 (Closed)

September 02, 2020

Starting 2020-09-01 11:14 there was a network disturbance affecting SMS-OTP deliveries to many +46/Sweden subscribers. Ordinary phone-to-phone SMS traffic was also affected. From 12:06, SMS-OTP service was back for the majority of affected users, but as a workaround OTP traffic to most +46/SE numbers (also those not affected by the original problem) was changed to inbox-SMS instead of the usual flash/pop-up. From 2020-09-02 10:30, all traffic is back to the original defaults with flash/pop-up. For any users still experiencing problems, a phone re-start is recommended. If this does not help, contact Mideye Support.

RADIUS Challenge-Response broken in Netscaler 11.1.63.15 (Closed)

April 01, 2020

After upgrade to Citrix Netscaler 11.1.63.15, login with OTP using RADIUS challenge-response does not work. Users can enter userid and password and receive an OTP, but when the OTP is entered for verification login fails. Citrix have published a workaround for this. A similar issue has previously been reported in Netscaler 12.0.62.8 and was solved by upgrading to Netscaler 12.1.55.13.

iPhone warning ‘This sender could not be verified’ (Closed)

May 13, 2019

After update to iOS 12.2, iPhone shows a warning message ’This sender has not been verified’ when displaying flash/pop-up SMS messages.

This is solved in iOS 12.3, released 2019-05-13.