This release prevents malicious code from redirecting a hyperlink in the SolarWinds Web Help Desk® software user interface to an unauthorized third-party website or resource.
After you click “Forgot Password” on the login screen, Web Help Desk verifies your current email address and redirects you back to the application using a secure connection to reset your password.
Web Help Desk software now prevents unauthorized LDAP client account users from logging into an LDAP tech account with an identical username. In version 12.5.1 and earlier, Web Help Desk used separate methods to provide LDAP authentication for techs and clients. After you install this release, the tech LDAP authentication functionality is removed. All techs who used this functionality will have their WHD password reset and receive an email with steps to log in to Web Help Desk.
Before you install this upgrade, ensure that all techs have client accounts (authenticated through LDAP) linked to their tech accounts. Also ensure that no tech usernames match any new or existing client usernames. After the upgrade, all techs must access their tech account using their client account or their WHD tech username and WHD password (which can be reset using the password reset logic).