
OPERATIONAL DEFECT DATABASE
...

...
In Fireware v12.7 and higher, the Mobile VPN with SSL client (Windows and macOS) might send the one-time password (OTP) prompt of a user as a password when it authenticates the user to a Firebox configured to use the AuthPoint authentication server. Because the OTP prompt is not the password of the user, this can cause authentication to fail.

This issue occurs when a user re-authenticates after a disconnect and uses an AuthPoint policy that supports both Password + Push and Password + OTP authentication types. The Mobile VPN with SSL client mistakenly views the new connection as a continuation of the previous session, and views the OTP prompt as the password of the user.

If the Mobile VPN with SSL client fails to authenticate, close and reopen it. This forces the Mobile VPN with SSL client to view the next authentication request as a new authentication.

If this issue affects multiple users, you can limit the AuthPoint authentication policy to only Password + Push or Password + OTP. If you have users who must use different multi-factor authentication (MFA) types to support hardware tokens, you can create two AuthPoint authentication policies that are based on user and group memberships.