CVE-2022-38753: Advanced Authentication 6.4 Service Pack 1 Release Notes
This update resolves a multi-factor authentication bypass attack
This release includes the following software fixes:
Administration Portal: The data and graphs displayed on the Dashboard are not up to date. They only reflect data up to the date when the settings were last saved. However, the data is refreshed when the administrator manually updates the .
Administration Portal: Specifying a color in the RGB format, or leaving the following fields empty in the policy, results in an error message:
Therefore, you must set the colors in the Hexadecimal format.
Administration Portal: The column is removed from the widget on the Dashboard, as it does not provide clear details about the expiry status of a specific license and causes confusion.
Administration Portal: The full synchronization process marks several active users for deletion. As a result, active users cannot log in. This issue occurs after upgrading to the Advanced Authentication 6.3 Service Pack 4 Patch 1 release.
Administration Portal: Using special characters in the ClientID and Secret of OAuth events causes a Web Authentication parsing error.
Administration Portal: The customized brand settings break after upgrading to Advanced Authentication 6.4. This issue occurs because the custom branding JAR file is missing.
Administration Portal: Implementing the Per Tenant Hostname (PTH) feature breaks the Web Authentication method.
Administration Portal: The administrator is unable to remove the LDAP repository when the LDAP server is unavailable. The following error message is displayed:
Cannot connect to the LDAP server
Administration Portal: Existing OAuth integrations fail after the upgrade to Advanced Authentication 6.4.
Administration Portal: When the name and number on a particular Server Metric tile are too long, the content extending outside the tile is wrapped, which misaligns the tile.
Administration Portal: On the Linux PAM Client, the is not formatted properly.
Appliance: Deleting reports from the Administration Portal does not delete the exported reports (CSV and JSON) in the /var/lib/docker/volumes/aaf_aucore-data/_data/reports path, even after rebooting the appliance.
Appliance: The upgrade of Web Servers to Advanced Authentication 6.4 fails in a cluster environment.
CAF Portal: The upgrade to Advanced Authentication 6.4 fails if the connection is made through a proxy.
CAF Portal: In Advanced Authentication 6.4, exporting the Digital Certificate results in an error.
Enrollment Portal: After integrating Advanced Authentication with Access Manager using the SAML event, the redirection from Access Manager to the Enrollment Portal fails with a 404 error. This happens because the text webauth/ is missing from the Callback URL.
Enrollment Portal: Enrollment of the Web Authentication method fails even when the administrator has configured the method with valid details.
Linux PAM Client: When a user selects an authentication chain with the Fingerprint method on the Linux PAM Client, the error message Invalid access: cannot convert empty value is displayed.
Now, if the Fingerprint reader is not connected to the Linux machine and a user attempts to log in, the authentication chain with the Fingerprint method is not displayed.
OAuth and SAML Events: An improperly configured SAML Service Provider method bypasses authentication and grants access to the associated OAuth and SAML events without any validation.
Old Enrollment Portal: On the old Enrollment Portal, enrollment of the U2F method fails when using the Chrome browser.
SAML Event: When Advanced Authentication and Cisco AnyConnect are integrated using the SAML event, the login page is not displayed correctly.
Web Authentication: When a user has one Web Authentication event active and tries to log in to another Web Authentication event, an error message asking the user to log out of the previous event is displayed.
Web Authentication: An authentication attempt to the Web Authentication event fails if the is set with RGB values in the policy. This occurs because of the use of transparent colors. Therefore, administrators must set the colors in the Hexadecimal format.
Windows Client: When users try to authenticate to the Windows Client using the FIDO2 method with NFC capability, the incorrect error message Please connect a FIDO2 token is displayed even though the reader is connected to the system.
Windows Client: An incorrect error message is displayed when a user removes the NFC-supported card from the card reader while authenticating to the Windows Client using the Card method.
Now, the following message is displayed when the user removes the NFC-supported card from the reader during authentication:
Tap your security key again on the reader