You may have received an email from Autodesk over the weekend of May 18, 2019:
This email is kind of cryptic so let’s unpack it for you.
What is Transport Layer Security?
Transport Layer Security (TLS) is basically a way of protecting a computer network when an application is used to communicate with another computer or network.
Why do Autodesk products need TLS?
Autodesk products sometimes need to communicate with Autodesk networks. The main example of this is Autodesk Stand-alone license subscriptions with Single-User Access. This type of license requires a user to validate their Autodesk ID by logging into (“Sign In” shown below) the Autodesk network every 30 days:
If you have this type of license, then you may be familiar with the process that happens if you haven’t signed in to the Autodesk network for a while (30 days). For example, you open AutoCAD, and before you are allowed to continue, you see this:
You can open AutoCAD only after you log into the Autodesk network.
TLS protocols protect you and Autodesk during this “exchange” of data.
So, What’s the Problem?
Older Autodesk software (versions 2014, 2015, 2016, and 2017) are currently setup to use Transport Layer Security (TLS) version 1.0/1.1.
Well, it has been discovered that this version of TLS is vulnerable to a form of cyber attack known as “man-in-the-middle” (MITM) ( https://en.wikipedia.org/wiki/Man-in-the-middle_attack ). This means that during this monthly exchange of data you perform to validate your Autodesk ID, a cyber criminal can step in the middle of that communication and pretend to be the Autodesk network.
Who is NOT affected by this?
You can stop reading with no further actions necessary if you can answer yes to any of these questions:
- Are you only using Autodesk product versions 2018, 2019, and/or 2020?
- Are you only using a network license?
- Do you have a Perpetual License?
Why are these situations NOT affected?
The above scenarios are unaffected by this issue because:
- Later versions of Autodesk software use a later version of TLS (TLS 1.2) which is not vulnerable to attack.
- A network license does not have to communicate with an outside network (i.e. an Autodesk network) in order to distribute a license.
- Perpetual licenses do not require monthly Autodesk ID validation.
What will happen if you are affected and take no action?
So, if you are affected (you cannot answer yes to any of the above 3 questions), then this is what will happen if you don’t do anything:
On June 15, 2019 Autodesk will switch their network to the new TLS version 1.2.
That means that your older Autodesk products using TLS version 1.0 and/or 1.1 will not be able to authenticate and validate your Autodesk ID. You will not be able to login to the Autodesk network.
If you can’t log into the Autodesk network, then you cannot use your Autodesk Products.
What do you need to do if you are affected?
There are two solutions that will resolve this issue and restore access to your software after June 15, 2019.
- Install a later version of your Autodesk software: 2018, 2019, and/or 2020
- Install a patch that will allow your software to support TLS 1.2
The patches can be accessed and downloaded from this website (the one listed in the email):
If you are affected, when do you need to act to be able to continue using your Autodesk product without interruption?
You need to apply the patch or install a later version by June 15, 2019.