Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved issues

The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.

Bug ID Description
565706 Upgrade kernels to address TCP SACK vulnerabilities: CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479.
548689 FortiAuthenticator should not delete a revoked local service certificate until it has expired.
524382 Increase the timeout limit for RADIUS requests to 60 seconds.
560427 If a custom RADIUS dictionary with a duplicated attribute number is uploaded to FortiAuthenticator, the GUI becomes inaccessible.
563148 Occasionally, FortiToken Mobile push notifications are accepted only after a second approval.
538216 FortiAuthenticator FSSO service can be unstable due to crashing DC agent daemon.
561938 For local users, FortiAuthenticator should not allow the use of passwords over 64 characters.
561200 The IdP metadata file contains an incorrect SP certificate format which causes SAML authentication failure.
560326 Users who have logged into a computer running Windows 8.1 or Windows 10 using a Microsoft Account continue to have the ability to log in with the account despite enabling the FortiAuthenticator Windows Agent option to disable Microsoft Providers.
563820 When PCI is enabled, attempting to log into the GUI with a username that does not exist causes FortiAuthenticator to crash.
561934 In the GUI banner, replace the build label with the FortiAuthenticator model number.
557353 Occasionally, FortiAuthenticator widgets fail to load.
558329 On the login page, relocate "Sign in as different user" link beneath the login box.

Common Vulnerabilities and Exposures

FortiAuthenticator is no longer vulnerable to the following CVE-Reference(s):

  • CVE-2019-11477
  • CVE-2019-11478
  • CVE-2019-11479

Resolved issues

The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.

Bug ID Description
565706 Upgrade kernels to address TCP SACK vulnerabilities: CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479.
548689 FortiAuthenticator should not delete a revoked local service certificate until it has expired.
524382 Increase the timeout limit for RADIUS requests to 60 seconds.
560427 If a custom RADIUS dictionary with a duplicated attribute number is uploaded to FortiAuthenticator, the GUI becomes inaccessible.
563148 Occasionally, FortiToken Mobile push notifications are accepted only after a second approval.
538216 FortiAuthenticator FSSO service can be unstable due to crashing DC agent daemon.
561938 For local users, FortiAuthenticator should not allow the use of passwords over 64 characters.
561200 The IdP metadata file contains an incorrect SP certificate format which causes SAML authentication failure.
560326 Users who have logged into a computer running Windows 8.1 or Windows 10 using a Microsoft Account continue to have the ability to log in with the account despite enabling the FortiAuthenticator Windows Agent option to disable Microsoft Providers.
563820 When PCI is enabled, attempting to log into the GUI with a username that does not exist causes FortiAuthenticator to crash.
561934 In the GUI banner, replace the build label with the FortiAuthenticator model number.
557353 Occasionally, FortiAuthenticator widgets fail to load.
558329 On the login page, relocate "Sign in as different user" link beneath the login box.

Common Vulnerabilities and Exposures

FortiAuthenticator is no longer vulnerable to the following CVE-Reference(s):

  • CVE-2019-11477
  • CVE-2019-11478
  • CVE-2019-11479