RSA Announces Firmware Update for DS100 Hardware Authenticator
The 1.0.3.0061 firmware update for the RSA DS100 Hardware Authenticator is now available for download at https://community.rsa.com/ds100-latest-firmware (no login required). RSA recommends upgrading to the latest firmware at the earliest opportunity.
End users can perform the update themselves using their organization managed Windows computers if the following conditions are met:
- The IT staff has deployed the RSA FIDO Management Service 1.1.0 on organization systems.
- Users are not blocked from installing the RSA Authenticator 6.2 (or higher) from the Microsoft store, or the RSA Authenticator 6.2 (or higher) has already been deployed on organization systems.
For step-by-step instructions on how to perform the firmware update, see the RSA DS100 Firmware Update Quick Start Guide included in the firmware download package.
The 1.0.3.0061 firmware update includes the following improvements and fixes:
- Removed unused firmware routines to recover space for adding new features in future releases.
- Fixed two bugs that improve the security of firmware operations (out-of-bounds memory access prohibited).
- Firmware updates are now encrypted as they are copied to DS100, which prevents a partial firmware upload from being used as a data exfiltration mechanism from highly secure workspace environments (like SCIFs).
- Fixed a bug in which if two or more accounts (e.g., a user with standard account and an administrator account) registered two or more FIDO Passkey credentials on the DS100 with the same Relying Party/FIDO Server (Entra ID), the user might only be able to use the last FIDO Passkey registered to perform a login to a Windows computer while the computer is offline.
This bug could also impact any other use of the multiple FIDO credentials registered against the same Relying Party that leverage the FIDO HMAC-secret feature, for example, a FIDO PRF use case. - Improved random number generation to comply with NIST SP 800-90B guidelines. This improves the security of FIDO Passkeys registered in the DS100 and provides better protection for SecurID OTP credentials (seeds) in transit from the RSA ID Plus Cloud service during OTP credential registration.
- Once the firmware of a DS100 authenticator has been upgraded to 1.0.3.0061, it is no longer possible to downgrade to a previous firmware version. This ensures that the space savings are maintained and that the security fixes cannot be rolled back.
Related Articles
RSA Announces Firmware Update for DS100 Hardware Authenticator Number of Views Cloud Administration Disable SecurID DS100 OTP Credential API Number of Views RSA DS100 Deployment Guide Number of Views Cloud Administration Delete SecurID DS100 OTP Credential API Number of Views Cloud Administration Enable SecurID DS100 OTP Credential API Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
