WALLIX Access Manager 5.1

Fixes

WAB-12035: Fix an issue that allowed an expired LDAP or Active Directory user account to connect to the Access Manager using an X509 certificate.

Known Issues

WAB-3929: When the Access Manager appliance is restarted after uploading a p12 certificate or updating settings, it displays a 503 error message. Despite this error message, the certificate or changed settings are saved correctly. WAB-4838: The value of -Xmx in wabam.vmoptions is not proportional to the total memory. WAB-4968: On an appliance with a 3-network interfaces, the AM autofills the SAML URL with the administration interface URL instead of the user interface URL in the metadata file. WAB-5348: X509 authentication is not possible on the administration interface of an appliance. Consequently, it is not possible to perform X509 authentication on an appliance configured with a single network interface. WAB-6129: Users cannot paste using the keyboard shortcut CTRL + V with Greek and Russian keyboards. WAB-8198: The "bastion-change-redis-password command" accepts an empty password, although this is not supported by WALLIX Bastion. WAB-9030: Resizing shell windows in appliance causes crash for curse based terminals. WAB-9760: In the settings, changing the value of a toggle button and saving it multiple times before reloading the page does not work. Only the first change is saved. WAB-11153: SAML Authentication can fail due to missing SigAlg query param with Signed Messages activated and Redirect binding type. WAB-11290: In fullscreen mode (used by default), RDP session can be blurry. We recommend to use a fixed resolution instead of fullscreen. WAB-11343: After changing the WALLIX Bastion API key, users that already have a web session opened will encounter an authentication error when opening RDP or SSH sessions. Users must logout and login again for the new API key to be taken in account. WAB-11785: Service control limit value is set to 10 when toggling iptables rules. WAB-11792: Guests cannot open more than one session sharing at a time in a browser. If they do, they end up with the login screen of the Bastion proxy instead of being connected to the session of the host. WAB-11793: Guests cannot open the same session invite link on different tabs. If they do, they end up on the login screen of the Bastion proxy instead of being connected to the session of the host. WAB-11794: Guests cannot open the same session invite link more than once. If they do, they will end up on the login screen of the Bastion proxy instead of being connected to the session of the host. WAB-11796: When a host gives control on a session invite, the clipboard content is sent to the guest session. We recommend copy/pasting an empty character string before giving control to the guest. WAB-11900: Live audit for guest or host session (session invite feature) does not work with Bastion < 12.0.3. WAB-11951: In TELNET sessions, using the backspace touch visually adds a space instead of deleting a character. This is only a visual issue, the command will be correct with the characters deleted. WAB-11996: The button "Replay session" is displayed even if the user has rejected the recording. Clicking on the button displays an error message. WAB-11997: Searching audit sessions with start date as criteria is not possible for live sessions.

Known Limitations

WAB-1473: For smartphones and tablets: The multi-touch screens and the right-click function are not supported. The rotation of the screen is not supported during the RDP sessions. WAB-2035: The deletion of a column does not work due to a GWT limitation. WAB-6600: The cookie-based session persistence of CITRIX ADC/NetScaler load balancers is incompatible with Universal Tunneling when several Access Managers are setup as a cluster. WAB-7091: The OpenSSH server used on port 2242 is vulnerable to the disputed vulnerability CVE-2020-15778. However, in this context, this vulnerability does not allow any elevation of privileges: the user authorized to connect already has execution rights. WAB-7332: The LDAP/AD password change is not supported with RODC (Read Only Domain Controller). WAB-7333: Options to upload and download a file from the "Clipboard" menu are not displayed during an RDP session on a target under Windows Server 2003. WAB-7334: Only PAP and CHAP protocols are supported for RADIUS authentication. WAB-7335: After adding a Bastion, WALLIX Access Manager does not display the REST API version if the administrator is renamed with a name not matching one existing in the added Bastion. This limitation has no impacts on users as WALLIX Access Manager checks and updates the REST API version at each user synchronization. WAB-7336: The authentication to WALLIX Access Manager fails when a password change is required by the Bastion used as an authenticator and identifier. If the authentication fails, it is first necessary to connect to the Bastion to change the password. WAB-7337: Latency issues occur when displaying a large number of files in SFTP. WAB-7338: Due to limitations of Google Chrome and Mozilla Firefox, issues with keyboards may occur. We invite you to consult these links for more details on some of these limitations: https://bugs.chromium.org/p/chromium/issues/detail?id=1279409&#xA0;and&#xA0;https://bugzilla.mozilla.org/show_bug.cgi?id=1736594. WAB-7674: Some keyboard shortcuts, such as Ctrl-W and Ctrl-T, are reserved for Chrome and Firefox and cannot be caught in an SSH shell session. WAB-10219: If the Access Manager parameter rdp.clipboard.icap is enabled, when you try to paste a file to an RDP target more than once, the next paste inserts a blank file. WAB-10954: Slowness can occur in RDP sessions in case of heavy animation like video watching or consulting website with HTML animation. To improve this situation, you can increase the value of setting rdp.input.buffer.size or installing a browser plugin like Stylish to remove the HTML animation.