The Improv Blog

ALERT! Kronos InTouch & Kronos 4500 time clock issue: ACTION NEEDED

Written by Jenna DeVries | Dec 17, 2015

Kronos is implementing security changes that affect customers using Kronos 4500 time clock and Kronos Intouch terminals using the SHA-1 hashing algorithm. On January 1st 2016, the Certificate Authorities will no long issue trusted public certificates that use the SHA-1 hashing algorithm. The change is mandated by the C/A browser Forum industry group to improve Internet security as SHA-1 hashing algorithm has become more vulnerable over time.

The changes will be implemented starting January first, meaning the Kronos 4500 and Kronos InTouch terminals that support SHA-1 certificates will continue to function properly until the certificates expire. Customers using SHA-1 certificates should review their Kronos time clock configurations and plan to replace the certificates before the expiration date. The best practice is to replace the SHA-1 certificates with SHA-2 certificates for the corresponding Kronos devices. Not all Kronos device part numbers can run software or firmware versions that support SHA-2; therefore it is crucial to ensure your Kronos device is compatible.

Device Type

Part Number

SHA-2 Support

Software/Firmware Required for SHA-2

Kronos 4500

8602000-xxx

 

No

New Time Clock Needed

Kronos 4500

8602004-xxx

 

Yes

02.03.16 and greater

Kronos 4500

8602800-0xx through -4xx

Yes

02.03.16 and greater

Kronos 4500

8602800-5xx through -9xx

 

Yes

03.00.16 and greater

Kronos Intouch

ALL

Yes

01.00.01 and greater

Solution:

Customers must validate all terminals support SHA-2 hashing algorithm by confirming the firmware version currently installed supports SHA-2 certificates. If the terminals do not meet the firmware requirement and the part number supports the required firmware, load the latest firmware using the chart above as a guideline.

If you use Workforce Central application in the Kronos Cloud environment, please refer to KB60011 for specific instructions.

If your Workforce Central application is not hosted in the Kronos Cloud environment (on premise or hosted elsewhere), please refer to KB60010 for specific instructions.

Subscribe to our blog to stay up to date with WFM updates and news!