Resolved issues
The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.
Bug ID |
Description |
---|---|
769953 |
Some of remote user sync rules stopped working after upgrade. |
773306 |
Remote sync rule does not remove the user from FortiToken Cloud. |
778088 |
pushd not processing FortiToken Mobile push for usernames of format "domain\user". |
774659 |
RADIUS authentication via MSCHAPv2 fails using 8-digits FortiToken Cloud. |
778835 |
FortiAuthenticator SAML IdP - HTTP error 500 if LDAP users with very long DN log in. |
778114 |
Editing remote sync rules show base unit instead of previously saved value. |
770154 |
FortiAuthenticator v6.4.1 does not support the old URL "/cert/scep" for SCEP anymore. |
746567 |
Importing local users from CSV - FortiAuthenticator LB shows "In Sync with Anomalies". |
776302 |
0.0.0.0/0 RADIUS client not accepted. |
770193 |
Error 403 when clicking on "click to goto the login page". |
769976 |
Unable to select 6 or more groups for the LDAP service directory tree. |
748862 |
Read-only admin profile cannot view local/remote users, error 500. |
763568 |
The timestamp of the account status for lockout is GMT 00:00 regardless of the system time. |
779850 |
Restore Backup - Unable to "force restore" a backup from an unrecognized build. |
764092 |
OAuth setting permissions are missing. |
774212 |
Erroneous error message displayed when promoting local user to admin. |
769877 |
User Management GUI shows "Backup" after FortiToken Mobile token code is used to log in successfully. |
733323 |
PCI DSS 2FA shows different page for user that does not exist. |
616489 |
Directory tree GUI bug when changing classes and creating new LDAP entry. |
779956 |
Remove Scan QR code option for FortiToken Cloud. |
776257 |
Email subject and body show up swapped in token email. |
706997 |
Unable to make certain custom RADIUS attributes. |
767313 |
SAML user import is broken. |
771123 |
RADIUS: MAC auth bypass requests are crashing radiusd / preventing other logins. |
765529 |
When IP range 0.0.0.0~255.255.255.255 is used as a RADIUS client, it has the highest priority. |
761292 |
Azure remote IdP authentication fails if FortiAuthenticator FQDN contains upper case. |
756777 |
Incorrect order of the fields displayed on change_password_remote page for remote users. |
766131 |
Import SSO Groups menu : "Select None" and "All" buttons seem dead when thousands of CN groups are present. |
768948 |
FSSO portal login timeout value cannot be saved. |
774076 |
FortiAuthenticator workstation check causes Windows System Event Log ID 10036 - CVE-2021-26414 and KB5004442. |
741332 |
FortiToken Mobile email activation sent to user again when LDAP sync runs after the timeout of token activation (user should stay disabled). |
771382 |
LDAP filters are showing the entire directory tree instead of applied filters for users. |
779992 |
FortiAuthenticator Read-Only "Admin Profile" Shows error 500. |
778478 |
FortiAuthenticator RADIUS policy - attribute filters do not escape '\t', '\n' and '\r' properly. |
774759 |
SNMP not generating correct user counts when remote RADIUS users are administrators. |
778053 |
Local user imported via API with no password will fail RADIUS authentication using OTP-only. |
782363 |
Accessing the self service portal gives error 500. |
757968 |
/api/v1/pushauth/: the processing of the response is delayed. |
756782 |
FortiAuthenticator GUI cannot show how many users available in every group. |
692726 |
Certificate expiry warning sends out an email everyday. |
769954 |
Admin with OTP(SMS) cannot pass password prompt when making changes to admin accounts. |
759691 |
FSSO self-service portal does not create FSSO session upon end user login. |
777914 |
Login fails after we are redirected from portal.office.com to the IdP-FortiAuthenticator 6.4.1. |
767750 |
GUI showing wrong URL for CRL distribution point. |
768643 |
Password change of the logged in admin asking for reauth with menu still displayed. |
771209 |
Captive portal randomly fails with "500 Internal Server Error". |
771409 |
SAML IdP: auth gives error 403 when using custom attribute. |
770258 |
SSO groups imported from LDAP do not get excluded using Fine-Grained controls. |
770177 |
FortiAuthenticator SAML: error 403 for the SAML session details if SAML is disabled on the interface the admin is connected. |
766837 |
Guest portal gives error 500 if a user is registering with the same phone number for the second time. |
752627 |
Token transfer fails if includes deprovisioned token(registration id = null) and FortiAuthenticator throws unknown error. |
764256 |
FSSO - LDAP user/group lookup is broken by addition of remote LDAP for computer-based authentication. |
758008 |
FortiAuthenticator joining domain and using the incorrect domain name (DNS) if the name is the same in several LDAP servers. |
745497 |
Kerberos not working for AES. |
763516 |
OAuth should have its own portals. |
724834 |
Support ES6. |
745433 |
|
765133 |
Cannot delete an expired user certificate in Firefox. |
768540 |
Webserver leaks sockets while handling SAML authentications for remote LDAP users. |
756678 |
Not all debug pages on FortiAuthenticator provide the option to set maximum size of the debug file. |
764147 |
Cloud-init: DHCP client stays resident rather than exiting after boot as intended. |
764052 |
Update to show "Memory Available" in addition to "Memory used". |
773944 |
Default self-signed certificate expiry date is 1 year. |
770375 |
SW RAID models (400E, 300F) fail to reformat themselves in 6.4.0 and 6.4.1. |
746405 |
LB HA primary node (eventually) runs out of database connections when an LB node disk is full. |
764376 |
Admin user gets locked out after other users log in via the self service portal. |
752741 |
Sync admin permission profiles in LB-HA. |
752408 |
Seek confirmation from the FortiAuthenticator admin when restoring configuration via GUI. |
771671 |
Input is missing from the Inbound Proxy pane in the System Access tab. |
719092 |
FortiAuthenticator VMware VM with Cloud-init does not work on the ESXi hypervisor. |
788824 |
[3rd party component upgrade required for security reasons] FortiAuthenticator - Dirty Pipe vulnerability on Linux Kernel. |
774147 |
[FG-IR-21-254] "Host" header injection. |
761940 |
busybox vulnerabilities- precautionary upgrade. |
768951 |
django- Precaution upgrade. |
769295 |
[Third party] lxml vulnerabilities- precaution upgrade. |
782448 |
Force password change on next logon produces 403 forbidden with SAML login. |
613164 |
Google Workspace Open LDAP crashes when we try to change password. |
778043 |
HA load balancing certificate binding and RADIUS attribute anomalies when syncing an unsync'd admin. |
786034 |
RADIUS authentication against remote LDAP users fail if the user is not imported. |
786540 |
SAML proxy Google Workspace login shows 500 error on the SP. |
769712 |
Memory available always show 0 on the Dashboard. |
779045 |
500 internal server error when changing remote user password via self service portal. |
781813 |
Remote user sync rule for the already imported user does not re-sync OTP. |
762262 |
Password reset does not work for the remote LDAP user if the password contains 6 characters or less. |
780556 |
Remote user sync rules fails to sync remote users when FortiToken Mobile tokens are assigned. |
776256 |
Sponsor accounts cannot re-enable the guest users that they created. |
733028 |
Error 404 Not Found when resending email or SMS. |
604734 |
Today button for expiry guest users is 1 day ahead. |
772153 |
Username field from the Portal registration page should not be there if mobile number is used as the username. |
764179 |
Unable to change password of remote user unless imported in FortiAuthenticator. |
763341 |
Dump when adding LDAP uid to a uid. |
773020 |
Revoking of certificate is not being seen with OCSP until FortiAuthenticator reboots. |
763973 |
Sponsor admin profile should be read-only. |
764510 |
OAuth 2.0 / OIDC monitoring, troubleshooting and auditing. |
765396 |
pushd leaks database connection and failed to send notification if postgres restarted. |
786754 |
SP session for SAML FSSO are not SSO - 403 Forbidden with Chrome. |
788638 |
FortiAuthenticator prompts for the admin password when changing a user sync rule when adding the assigned token. |
665384 |
HA failover does not work reliably after maintenance mode is disabled on the high priority node. |
782955 |
FortiAuthenticator fails to import 3rd party CA certificate but the GUI shows "Import Successful". |
777665 |
CPU spikes for every 5 minutes on time based schedule and last for 1 minutes when there are users in FortiAuthenticator. |
755916 |
[Third Party] Postgresql - precaution upgrade. |
762203 |
FSSO server restart takes too long when the global pre-filter is modified. |
787678 |
FortiAuthenticator TACACS+ behavior with ASCII and PAP. |
Common Vulnerabilities and Exposures
Bug ID |
CVE references |
---|---|
791452 |
FortiAuthenticator 6.4.2 is no longer vulnerable to the following CVE-Reference(s):
|