Fortinet has released an update for FortiAuthenticator, version 6.3.4. For security reasons, the new software version upgrades the OpenLDAP, libxml2 and OpenSSL components, which means that FortiAuthenticator in this version is no longer affected by CVE-2022-0778.
Resolved issues:
Bug ID | Description |
---|---|
837219 | FortiAuthenticator-VM on same Hyper-V host cannot form HA A/A cluster after July 2022 Windows Updates. |
861776 | Upgrade OpenSSL from 1.1.1n to 1.1.1s, then again to 1.1.1t. |
774147 | FortiAuthenticator – [FG-IR-21-254] `Host` header injection. |
831595 | CLI – Setting timezone and DNS does not clear GUI settings cache. |
791452 | OpenSSL 1.1.1n – Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778). |
830002 | XSS observed in the password reset done page. |
800714 | [3rd party component upgrade required for security reasons] FortiAuthenticator – OpenLDAP to 2.6.2. |
814167 | [3rd party component upgrade required for security reasons] FortiAuthenticator – libxml2 to 2.9.14. |
805720 | [3rd party component upgrade required for security reasons] FortiAuthenticator – linux_kernel to 5.10.111/5.4.189/4.19.238/4…. |
803891 | SAML peer certificate expiration issue and XML security issue. |
788824 | [3rd party component upgrade required for security reasons] FortiAuthenticator – Dirty Pipe Vulnerability on Linux Kernel. |
Common Vulnerabilities and Exposures
FortiAuthenticator is no longer vulnerable to the following CVE-Reference(s):
Bug ID | CVE references |
---|---|
791452 | CVE-2022-0778 |
Known issues:
Bug ID | Description |
---|---|
737078 | Private IPv6 address added to SSO list instead of the public IPv6 when received from a RADIUS accounting source. |
730474 | FortiAuthenticator IdP proxy fails to proxy SAML assertions received from remote IdP when a user attribute with the same name exists. |
730640 | When signing a CSR via SCEP, FortiAuthenticator returns "Unable to sign request, Unable to find a unique name". |
738349 | SAML querying LDAP when the user is admin instead of looking user locally on remote LDAP users. |
748818 | Device Enrollment in SCEP does not work. |
744768 | FortiAuthenticator is not logging LDAP group membership changes. |
754589 | Push service does not recognize the realm from FortiAuthenticator agent. |
670317 | It is not possible to resize/change columns width in a log table. |
632248 | Unable to provide publisher details or assign code signing certificate to a Smart Connect profile. |
737727 | Change in the password complexity rule is not taking effect. |
744916 | Sort by name in the sponsor list of the self-registration guest portal. |
729674 | FortiToken Mobile license status on LB nodes shows unknown. |
735782 | Alcatel RADIUS VSA dictionary needs to be updated. |
721189 | No update on the number of sent messages on the dashboard. |
731626 | Limit of 64 characters in SAN DNS field for CSR/certificate creation. |
754239 | LB secondary not syncing when we failover to secondary FortiAuthenticator. |
747259 | FSAE is using high CPU. |
756786 | Guest portal authentication request failed with Cisco WLC. |
586851 | HTTP of FortiAuthenticator cannot be closed. |
712251 | Column resize or sort does not work properly in FortiAuthenticator tables. |
712899 | SMTP error messages do not provide accurate information. |
731175 | Provide skeleton language pack. |
711721 | Groups sorting differences when importing LDAP groups in SSO groups and FortiGate filtering. |
723065 | HA connection status is still showing connected even when the primary FortiAuthenticator is already shutdown. |
603510 | Memory usage is high. |
685295 | Implement correct handling of VM license in case of configuration conversion. |
701758 | Problem setting static IP address on a FortiAuthenticator VM installed on a XenServer. |
709007 | Error when Importing remote LDAP user. |
704565 | FortiAuthenticator only applies one captive portal policy, ignores RADIUS client IP/AP IP in portal policy selection. |
714927 | Unable to expand FortiAuthenticator "data drive" beyond 2 TB. |
717175 | Local users export/import feature does not work if bcrypt hash is used. |
592837 | Sponsor accounts can add guest user accounts to non-guest groups. |
692839 | Local cert for GUI rejected despite SAN field. |
632629 | Smart Connect WPA2-Personal profile fails when WPA2-Enterprise settings are left in place. |
622426 | MAC address parameter in portal policy should only allow MAC addresses. |
697447 | Octet/ASCII conversion for all RADIUS attribute-value pair inputs. |
693151 | Allow deletion of expired user and local service certificates. |
725339 | Update to 6.3.1 produces 503 server error for GUI under heavy SCEP traffic. |
729018 | Concatenated style OTP not working with Windows-AD auth enabled. |
733115 | Authentication using OTP instead of FIDO before FIDO token registration does not work. |
733985 | Built-in big switch network RADIUS attributes cause failure to send ACCESS-ACCEPT. |
665384 | HA failover does not work reliably after maintenance mode is disabled on a high priority node. |
706701 | FortiAuthenticator cluster is inconsistently accessible via HA interfaces from outside the HA subnet. |
767387 | Unable to issue new certificates through SCEP with large number of revoked certs. |
746567 | Importing local users from CSV – FortiAuthenticator LB shows "In Sync with Anomalies". |
765446 | 500 Internal server error when adding admin profiles or user groups. |
766379 | Pending or deleted CSR and revoked certificates do not sync to LB secondary. |
763568 | The timestamp of the account status for lockout is Greenwich Mean Time 00:00 regardless of system time. |
745497 | Kerberos not working for AES. |
758008 | FortiAuthenticator joining domain and using the incorrect domain name (DNS) if the name is the same in several LDAP servers. |
756782 | FortiAuthenticator GUI cannot show how many users on each group. |
Vendor release notes: FortiAuthenticator 6.3.4
Best regards,
B&B Team
Bezpieczeństwo w biznesie