Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Release Notes

Resolved issues

The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

449443 FortiAuthenticator Agent For Microsoft Windows does not display the user credentials when access the server through RDP.
481255 Gpart root shell implant against VM appliances.
530392 Cannot log in with social users on guest portal if their account has expired.
548527 Cannot unlock a user account that has been locked due to repeated invalid password entry from User Lookup page.
548689 Don't delete a revoked local service cert until expiry.
567598 FortiAuthenticator doesn't check that converted-format organization image meets file size requirements.
571782 Misc-Reverse-Tabnabbing.
573346 FortiAuthenticator delays forwarding authentication request to remote RADIUS.
575128 Allow deletion of imported Local Service certificates.
575261 RADIUS authentication is successful when using an invalid realm.
578190 Cancel button does not work throughout creation of a Guest Portal Smart Connect Profile.
580360 OK button doesn't do anything under when importing an SSO User.
583516 Gateway timeout error when downloading user audit report.
587113 RADIUS daemon needs to be restarted after adding a custom dictionary.
587370 Make it easier to use strings with RADIUS attributes of OCTETS type.
596985 Anonymous PEAP/TTLS issues.
598856 Cannot revoke localservices cert with Remote CA issuer.
600388 CVE-2019-9193 postgresql allow run system commands through COPY SQL command.
604222 Use bcrypt hash for initial blank admin password after factory reset.
604270 HTTP access logs doesn't include the source IP address.
604496 CLI "exec restore" and "exec backup" commands appear not to check permissions.
607920 Unable to add some RADIUS attribute types to Custom Dictionaries.
609383 Update VMware OVF - Provide HW13 or HW14 profile.
610318 Using X-forwaded-for header to verify source IP allows spoofing and inaccurate logging.
610360 FortiAuthenticator agent doesn't send the domain information once checking the token code.
610790 Admin user without permissions trying to enter local page/guest users page will crash.
610792 Admin Profile with read and write access to widget cannot access Locked Out Users.
610827 Social Login users should show how many more available users can be created.
611424 Group membership is currently "+" delimited. Move or provide option to use "," as the delimeter.
611722 FortiAuthenticator as LDAP server changing eisting LDAP local user UID and select more GUI crashes.
612955 HA status page no response if anomalies are very large.
613996 Nested group search fix for SAML IdP.
614105 Reboot required prompt when loading or changing FortiClient license.
614673 Remote User Sync Rule preview mapping for mobile number shows attribute even if field is incorrectly formatted.
617282 FTM Token activated in mobile app has inaccurate issuer info.
617890 REST API - Cannot retrieve complete schema of everything.
619070 Exposed HA maintenance mode on CLI.
620314 Last login time for remote users not updated on standalone primary after logins on load balancers.
620496 Typo in HTML doc on infosite.
621089 RADIUS accounting response not being sent from FortiAuthenticator to a second client if another RADIUS client is added first.
622299 HA coordinated upgrade should not show up for load balancing.
623421 FortiAuthenticator 6.1.0 RUSR GUI - add user group.
624293 FortiAuthenticator displays UTC instead of configured time.
625179 Admin profiles permission sets Users and Devices unable to add remote LDAP users.
626438 CRL link displayed on the cert creation page for cert signed by intermediate certificate is improperly formatted.
626926 Remote User Sync Rule downgrades the role of a local admin with identical username.
627230 FTM Push for SSLVPN Fails, not possible see push notification in mobile.
627608 GUI log search in /debug section always returns "No results found".
628027 While downloading the debug logs from Web GUI getting "Gateway timeout" error message.

628649

Upgrades with a lot of social users is very slow.

629370 HA communication doesn't work over networks with effective MTU smaller than 1500 bytes.
630044 Request for a single-page config overview for RADIUS and Portal policies.
631603 Refreshing Access Token for fabric API causes Django crash.
632033 Unable to change local user password after upgrade - "You do not have permission to perform such operation".
632109 Unable to "set and email random password" when creating new user.
634017 PSKC Output shows HOTP when in fact token is TOTP.
634215 FortiAuthenticator adds escape character (backslash) to SMS gateway when HTTP is used.
634637 Unable to list Social Login Users: "An error has occurred".
634783 SAML unable to download metadata until the form is saved.
637162 Removed Certificate is still included in a Smart Connect Profile.
637625 Change default user retrieval selection to "Set a list of imported remote LDAP users" in new user group menu.
637998 REST API for localusers stopped working.
638359 Social login captive portal login page showing default HTML instead of customized one.
638885

AD authentication failed if cleartext password with character " received by FortiAuthenticator.

638970 Heartbeat interval and lost threshold doesn't get edited on first HA connection.
639366 Load balancer goes out of sync for FTM continuously.
639601 802.1x authentication failing with "request queueing too long and discarded".
639724 Close button on sync attributes help dialog doesn't work.
639937 PoV issue with Certificate Binding CA in Remote LDAP user sync rule not showing up.
642052 Organization validation.
642056 Show FTM info to help with troubleshooting push.
642961 DCAgents marked as offline randomly in SSO Monitor.
644618 Second OTP screen should be bypassed if the user or the usergroup is exempted.
644657 GET, POST, DELETE methods are not working for RADIUS attributes.
645705 Spelling error on SMTP Test Connection Dialog.
645983 Syslog SSO service does not start unless FortiAuthenticator is rebooted.
646901 User with admin role cannot import users from remote LDAP.
647160 Not able to bind trusted CA to remote user if no local CA is created.
647329 FortiAuthenticator Windows Agent not honoring 2FA group exemption.
647500 User look up fails to show information of a locked user.
648441 Routing configuration changes when rebooting Azure VM.
649141 Unable to update certificate.
652079 SAML IdP - Signature verification of SP request fails.
652254 CLI login always times out after FortiAuthenticator boots up during authentication.
652279 API: Make realm input case-insensitive.
655804 FortiAuthenticator is sending FSSO logoffs to FGT when receiving the same user info again from TS-agent.

657660

Upgrading standalone primary unit from 6.0.4 to 6.1.2 gets stuck in "Loading /rootfs.gz...ok".

658148 Remote User with the same username different DN override.
658152 Importing Fortioken FTK211 seed file gets error "unable to decrypt seed for FortiToken".
659131 Oauth Api TFA Broken, various issues after Django upgrade.

663132

User is locked out after one failed OTP login where it's configured to three.

Resolved issues

The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

449443 FortiAuthenticator Agent For Microsoft Windows does not display the user credentials when access the server through RDP.
481255 Gpart root shell implant against VM appliances.
530392 Cannot log in with social users on guest portal if their account has expired.
548527 Cannot unlock a user account that has been locked due to repeated invalid password entry from User Lookup page.
548689 Don't delete a revoked local service cert until expiry.
567598 FortiAuthenticator doesn't check that converted-format organization image meets file size requirements.
571782 Misc-Reverse-Tabnabbing.
573346 FortiAuthenticator delays forwarding authentication request to remote RADIUS.
575128 Allow deletion of imported Local Service certificates.
575261 RADIUS authentication is successful when using an invalid realm.
578190 Cancel button does not work throughout creation of a Guest Portal Smart Connect Profile.
580360 OK button doesn't do anything under when importing an SSO User.
583516 Gateway timeout error when downloading user audit report.
587113 RADIUS daemon needs to be restarted after adding a custom dictionary.
587370 Make it easier to use strings with RADIUS attributes of OCTETS type.
596985 Anonymous PEAP/TTLS issues.
598856 Cannot revoke localservices cert with Remote CA issuer.
600388 CVE-2019-9193 postgresql allow run system commands through COPY SQL command.
604222 Use bcrypt hash for initial blank admin password after factory reset.
604270 HTTP access logs doesn't include the source IP address.
604496 CLI "exec restore" and "exec backup" commands appear not to check permissions.
607920 Unable to add some RADIUS attribute types to Custom Dictionaries.
609383 Update VMware OVF - Provide HW13 or HW14 profile.
610318 Using X-forwaded-for header to verify source IP allows spoofing and inaccurate logging.
610360 FortiAuthenticator agent doesn't send the domain information once checking the token code.
610790 Admin user without permissions trying to enter local page/guest users page will crash.
610792 Admin Profile with read and write access to widget cannot access Locked Out Users.
610827 Social Login users should show how many more available users can be created.
611424 Group membership is currently "+" delimited. Move or provide option to use "," as the delimeter.
611722 FortiAuthenticator as LDAP server changing eisting LDAP local user UID and select more GUI crashes.
612955 HA status page no response if anomalies are very large.
613996 Nested group search fix for SAML IdP.
614105 Reboot required prompt when loading or changing FortiClient license.
614673 Remote User Sync Rule preview mapping for mobile number shows attribute even if field is incorrectly formatted.
617282 FTM Token activated in mobile app has inaccurate issuer info.
617890 REST API - Cannot retrieve complete schema of everything.
619070 Exposed HA maintenance mode on CLI.
620314 Last login time for remote users not updated on standalone primary after logins on load balancers.
620496 Typo in HTML doc on infosite.
621089 RADIUS accounting response not being sent from FortiAuthenticator to a second client if another RADIUS client is added first.
622299 HA coordinated upgrade should not show up for load balancing.
623421 FortiAuthenticator 6.1.0 RUSR GUI - add user group.
624293 FortiAuthenticator displays UTC instead of configured time.
625179 Admin profiles permission sets Users and Devices unable to add remote LDAP users.
626438 CRL link displayed on the cert creation page for cert signed by intermediate certificate is improperly formatted.
626926 Remote User Sync Rule downgrades the role of a local admin with identical username.
627230 FTM Push for SSLVPN Fails, not possible see push notification in mobile.
627608 GUI log search in /debug section always returns "No results found".
628027 While downloading the debug logs from Web GUI getting "Gateway timeout" error message.

628649

Upgrades with a lot of social users is very slow.

629370 HA communication doesn't work over networks with effective MTU smaller than 1500 bytes.
630044 Request for a single-page config overview for RADIUS and Portal policies.
631603 Refreshing Access Token for fabric API causes Django crash.
632033 Unable to change local user password after upgrade - "You do not have permission to perform such operation".
632109 Unable to "set and email random password" when creating new user.
634017 PSKC Output shows HOTP when in fact token is TOTP.
634215 FortiAuthenticator adds escape character (backslash) to SMS gateway when HTTP is used.
634637 Unable to list Social Login Users: "An error has occurred".
634783 SAML unable to download metadata until the form is saved.
637162 Removed Certificate is still included in a Smart Connect Profile.
637625 Change default user retrieval selection to "Set a list of imported remote LDAP users" in new user group menu.
637998 REST API for localusers stopped working.
638359 Social login captive portal login page showing default HTML instead of customized one.
638885

AD authentication failed if cleartext password with character " received by FortiAuthenticator.

638970 Heartbeat interval and lost threshold doesn't get edited on first HA connection.
639366 Load balancer goes out of sync for FTM continuously.
639601 802.1x authentication failing with "request queueing too long and discarded".
639724 Close button on sync attributes help dialog doesn't work.
639937 PoV issue with Certificate Binding CA in Remote LDAP user sync rule not showing up.
642052 Organization validation.
642056 Show FTM info to help with troubleshooting push.
642961 DCAgents marked as offline randomly in SSO Monitor.
644618 Second OTP screen should be bypassed if the user or the usergroup is exempted.
644657 GET, POST, DELETE methods are not working for RADIUS attributes.
645705 Spelling error on SMTP Test Connection Dialog.
645983 Syslog SSO service does not start unless FortiAuthenticator is rebooted.
646901 User with admin role cannot import users from remote LDAP.
647160 Not able to bind trusted CA to remote user if no local CA is created.
647329 FortiAuthenticator Windows Agent not honoring 2FA group exemption.
647500 User look up fails to show information of a locked user.
648441 Routing configuration changes when rebooting Azure VM.
649141 Unable to update certificate.
652079 SAML IdP - Signature verification of SP request fails.
652254 CLI login always times out after FortiAuthenticator boots up during authentication.
652279 API: Make realm input case-insensitive.
655804 FortiAuthenticator is sending FSSO logoffs to FGT when receiving the same user info again from TS-agent.

657660

Upgrading standalone primary unit from 6.0.4 to 6.1.2 gets stuck in "Loading /rootfs.gz...ok".

658148 Remote User with the same username different DN override.
658152 Importing Fortioken FTK211 seed file gets error "unable to decrypt seed for FortiToken".
659131 Oauth Api TFA Broken, various issues after Django upgrade.

663132

User is locked out after one failed OTP login where it's configured to three.