Some of remote user sync rules stopped working after upgrade.

Remote sync rule does not remove the user from FortiToken Cloud.

pushd not processing FortiToken Mobile push for usernames of format "domain\user".

RADIUS authentication via MSCHAPv2 fails using 8-digits FortiToken Cloud.

FortiAuthenticator SAML IdP - HTTP error 500 if LDAP users with very long DN log in.

Editing remote sync rules show base unit instead of previously saved value.

FortiAuthenticator v6.4.1 does not support the old URL "/cert/scep" for SCEP anymore.

Importing local users from CSV - FortiAuthenticator LB shows "In Sync with Anomalies".

0.0.0.0/0 RADIUS client not accepted.

Error 403 when clicking on "click to goto the login page".

Unable to select 6 or more groups for the LDAP service directory tree.

Read-only admin profile cannot view local/remote users, error 500.

The timestamp of the account status for lockout is GMT 00:00 regardless of the system time.

Restore Backup - Unable to "force restore" a backup from an unrecognized build.

OAuth setting permissions are missing.

Erroneous error message displayed when promoting local user to admin.

User Management GUI shows "Backup" after FortiToken Mobile token code is used to log in successfully.

PCI DSS 2FA shows different page for user that does not exist.

Directory tree GUI bug when changing classes and creating new LDAP entry.

Remove Scan QR code option for FortiToken Cloud.

Email subject and body show up swapped in token email.

Unable to make certain custom RADIUS attributes.

SAML user import is broken.

RADIUS: MAC auth bypass requests are crashing radiusd / preventing other logins.

When IP range 0.0.0.0~255.255.255.255 is used as a RADIUS client, it has the highest priority.

Azure remote IdP authentication fails if FortiAuthenticator FQDN contains upper case.

Incorrect order of the fields displayed on change_password_remote page for remote users.

Import SSO Groups menu : "Select None" and "All" buttons seem dead when thousands of CN groups are present.

FSSO portal login timeout value cannot be saved.

FortiAuthenticator workstation check causes Windows System Event Log ID 10036 - CVE-2021-26414 and KB5004442.

FortiToken Mobile email activation sent to user again when LDAP sync runs after the timeout of token activation (user should stay disabled).

LDAP filters are showing the entire directory tree instead of applied filters for users.

FortiAuthenticator Read-Only "Admin Profile" Shows error 500.

FortiAuthenticator RADIUS policy - attribute filters do not escape '\t', '\n' and '\r' properly.

SNMP not generating correct user counts when remote RADIUS users are administrators.

Local user imported via API with no password will fail RADIUS authentication using OTP-only.

Accessing the self service portal gives error 500.

/api/v1/pushauth/: the processing of the response is delayed.

FortiAuthenticator GUI cannot show how many users available in every group.

Certificate expiry warning sends out an email everyday.

Admin with OTP(SMS) cannot pass password prompt when making changes to admin accounts.

FSSO self-service portal does not create FSSO session upon end user login.

Login fails after we are redirected from portal.office.com to the IdP-FortiAuthenticator 6.4.1.

GUI showing wrong URL for CRL distribution point.

Password change of the logged in admin asking for reauth with menu still displayed.

Captive portal randomly fails with "500 Internal Server Error".

SAML IdP: auth gives error 403 when using custom attribute.

SSO groups imported from LDAP do not get excluded using Fine-Grained controls.

FortiAuthenticator SAML: error 403 for the SAML session details if SAML is disabled on the interface the admin is connected.

Guest portal gives error 500 if a user is registering with the same phone number for the second time.

Token transfer fails if includes deprovisioned token(registration id = null) and FortiAuthenticator throws unknown error.

FSSO - LDAP user/group lookup is broken by addition of remote LDAP for computer-based authentication.

FortiAuthenticator joining domain and using the incorrect domain name (DNS) if the name is the same in several LDAP servers.

Kerberos not working for AES.

OAuth should have its own portals.

Support ES6.

execute backup config ftp upload issue when path provided.

Cannot delete an expired user certificate in Firefox.

Webserver leaks sockets while handling SAML authentications for remote LDAP users.

Not all debug pages on FortiAuthenticator provide the option to set maximum size of the debug file.

Cloud-init: DHCP client stays resident rather than exiting after boot as intended.

Update to show "Memory Available" in addition to "Memory used".

Default self-signed certificate expiry date is 1 year.

SW RAID models (400E, 300F) fail to reformat themselves in 6.4.0 and 6.4.1.

LB HA primary node (eventually) runs out of database connections when an LB node disk is full.

Admin user gets locked out after other users log in via the self service portal.

Sync admin permission profiles in LB-HA.

Seek confirmation from the FortiAuthenticator admin when restoring configuration via GUI.

Input is missing from the Inbound Proxy pane in the System Access tab.

FortiAuthenticator VMware VM with Cloud-init does not work on the ESXi hypervisor.

[3^rd party component upgrade required for security reasons] FortiAuthenticator - Dirty Pipe vulnerability on Linux Kernel.

[FG-IR-21-254] "Host" header injection.

busybox vulnerabilities- precautionary upgrade.

django- Precaution upgrade.

[Third party] lxml vulnerabilities- precaution upgrade.

Force password change on next logon produces 403 forbidden with SAML login.

Google Workspace Open LDAP crashes when we try to change password.

HA load balancing certificate binding and RADIUS attribute anomalies when syncing an unsync'd admin.

RADIUS authentication against remote LDAP users fail if the user is not imported.

SAML proxy Google Workspace login shows 500 error on the SP.

Memory available always show 0 on the Dashboard.

500 internal server error when changing remote user password via self service portal.

Remote user sync rule for the already imported user does not re-sync OTP.

Password reset does not work for the remote LDAP user if the password contains 6 characters or less.

Remote user sync rules fails to sync remote users when FortiToken Mobile tokens are assigned.

Sponsor accounts cannot re-enable the guest users that they created.

Error 404 Not Found when resending email or SMS.

Today button for expiry guest users is 1 day ahead.

Username field from the Portal registration page should not be there if mobile number is used as the username.

Unable to change password of remote user unless imported in FortiAuthenticator.

Dump when adding LDAP uid to a uid.

Revoking of certificate is not being seen with OCSP until FortiAuthenticator reboots.

Sponsor admin profile should be read-only.

OAuth 2.0 / OIDC monitoring, troubleshooting and auditing.

pushd leaks database connection and failed to send notification if postgres restarted.

SP session for SAML FSSO are not SSO - 403 Forbidden with Chrome.

FortiAuthenticator prompts for the admin password when changing a user sync rule when adding the assigned token.

HA failover does not work reliably after maintenance mode is disabled on the high priority node.

FortiAuthenticator fails to import 3^rd party CA certificate but the GUI shows "Import Successful".

CPU spikes for every 5 minutes on time based schedule and last for 1 minutes when there are users in FortiAuthenticator.

[Third Party] Postgresql - precaution upgrade.

FSSO server restart takes too long when the global pre-filter is modified.