Fortinet has released an update for FortiAuthenticator, version 6.0.8. For security reasons the new release updates the OpenLDAP, libxml2 and OpenSSL components, which means that FortiAuthenticator in this version is free of the CVE-2022-0778 vulnerability.
Resolved issues:
| Bug ID | Description |
|---|---|
| 837219 | FortiAuthenticator-VM on same Hyper-V host cannot form HA A/A cluster after July 2022 Windows Updates. |
| 861776 | Upgrade OpenSSL from 1.1.1n to 1.1.1s, then again to 1.1.1t. |
| 791452 | OpenSSL 1.1.1n – Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778). |
| 800714 | [3rd party component upgrade required for security reasons] FortiAuthenticator – OpenLDAP to 2.6.2. |
| 814167 | [3rd party component upgrade required for security reasons] FortiAuthenticator – libxml2 to 2.9.14. |
| 803891 | SAML peer certificate expiration issue and XML security issue. |
Common Vulnerabilities and Exposures
FortiAuthenticator is no longer vulnerable to the following CVE-Reference(s):
| Bug ID | CVE references |
|---|---|
| 791452 | CVE-2022-0778 |
Known issues:
| Bug ID | Description |
|---|---|
| 529178 | FortiAuthenticator 5.5.0 search for serial number in certificate subject. |
| 526662 | FortiAuthenticator SNMP TRAP on disk failure and/or SNMP OID for disk status. |
| 576691 | Default realm allowing RADIUS users to authenticate using non-existing realms. |
| 582850 | RADIUS attributes are not added in the Access-Accept packet. |
| 540932 | FSSOMA nested group search failing if nested via primary group. |
| 478985 | FortiAuthenticator Windows Agent sometimes does not see the domain name and the user is not able to log in. |
| 551706 | FortiAuthenticator LB HA Cluster cannot have two remote FortiAuthenticator Admins with same username when 2FA FortiToken is enabled. |
| 570138 | Local user screen crashes intermittently. |
| 490281 | GUI issue with FortiAuthenticator logging. |
| 554282 | Should have similar log messages for remote sync rule when either admin or non-admin role is assigned to an imported user. |
| 583729 | Unable to import users into LDAP directory tree. |
| 551478 | FortiAuthenticator-VM upgrade from 4.0 b6237 to 6.0 b010 is not successful. |
| 577590 | FortiGuard server fails to send SMS because the message is too long. |
| 555320 | Captive Portal time schedule for device only (MAC address) is not working. |
| 581951 | FortiToken Cloud status service error when no entitlement purchased. |
| 569420 | Certificate upload to FortiAuthenticator in PKCS#12 format fails. |
| 581967 | FTM trial license activation: Disable "Cannot find req_trial_ftm task. It might have been removed". |
| 544851 | HA re-enable and interface in use. |
| 573278 | GUI SSO Portal Services page hiding elements. |
| 528231 | Log showing cannot add any more users because limit of 1100 has been reached. |
| 574824 | No more than 20 realms can be present in RADIUS client settings. |
| 567157 | Trusted CA import shows pending when certificate is using SHA512 as hash. |
| 526202 | FortiAuthenticator does not check if the signature of CSR is valid. |
| 566145 | Usage Profile "TIME USAGE=Time used" is not triggering COA or Disconnect request to FortiGate. |
| 445313 | Default behavior for FTM deprovision. |
| 563330 | Error while accessing Authentication > Remote Users. |
| 565635 | 2FA: When FortiAuthenticator receives AVP with multiple VSA for MSCHAP-v2, it rejects the 2nd request (response to challenge). |
| 512913 | One of the cluster units does not send traps while acting as primary. |
| 536211 | Should limit FSSO password to 15 characters since that is the limit on the FortiGate. |
| 519319 | FortiAuthenticator is crashing every time when the LDAP Remote user sync rules are supposed to run. |
| 561563 | Guest portal authentication fails with HTTP 500 if the user’s name contains non-ASCII characters. |
| 568479 | EAP-TLS – deletion of local CA#1 breaks authentication for local CA#2 with identical subject. |
| 532652 | Users Audit Report not working on secondary of LB cluster. |
| 555180 | Push notification certificates not restored to disk following model conversion. |
| 544691 | Remote LDAP admins have no certificate bindings. |
| 561588 | Adding SMS license shows "connection timeout" in the GUI. |
| 541884 | FortiAuthenticator constantly drops connection to FortiGate with error "sock_recv() failed, error: 104". |
| 582845 | Revoked local service certificates not in CRL. |
| 567493 | EAP-TLS authentication does not check AuthorityKeyIdentifier when matching allowed/trusted CAs. |
| 538059 | Importing an ECDSA-signed certificate/key causes an error dump. |
| 546764 | Non-ASCII characters in replacement messages cause line-break in the middle of a URL in emails. |
| 510931 | Monitor – Authentication – Windows AD statuses are unclear. |
| 528352 | FortiAuthenticator HA CLI errors. |
| 566500 | Activation Failed. FTM Server: provision code not exist (40). |
| 543729 | RADIUS client service not working after upgrade. |
| 575996 | FortiAuthenticator as RSSO > FSSO processing fails if RADIUS Accounting Sources is configured with FQDN instead of IP. |
| 571537 | Smart Connect profile is not working with MAC computer. |
Vendor release notes: FortiAuthenticator 6.0.8
Best regards,
The B&B Team
Security in business
