NetIQ Self Service Password Reset 4.4 Patch Update 2 Release Notes

June 2019

This patch update resolves specific previous issues. This document outlines why you should install this patch update.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the NetIQ Self Service Password Reset forum on Micro Focus Forums, our online community that also includes product information, blogs, and links to helpful resources.

1.0 What’s New?

The following sections outline the key features and functions provided by this version, as well as issues resolved in this release:

1.1 Security Improvements

NetIQ Self Service Password Reset includes the following security improvements:

Operating System and Security Updates

If you are running the Self Service Password Reset appliance, this release contains operating system and security updates. These updates include updates to the latest versions of Java and Apache Tomcat. (Bug 1136738)

Updated Versions of Apache Tomcat and Java for Windows

For the Windows version of Self Service Password Reset, this patch updates the Apache Tomcat version and the Java version. (Bug 1136739)

  • Apache Tomcat: 9.0.20

  • Java: OpenJDK 11.0.3_7

Security Data Obfuscated

This patch resolves a security issue where Self Service Password Reset allowed unprivileged users to access administrative data.

Cross-Site Security Update

This patch contains an update to deflect a possible cross-site attack.

CVEs Addressed

This release addresses two CVEs:

We would also like to offer special thanks to CERT Michelin for finding these issues and for their responsible disclosure.

1.2 Enhancements and Software Fixes

NetIQ Self Service Password Reset includes the following software enhancements and fixes for this release:

Target ID Contains the Same ID as the Perpetrator ID in the Audit Data

This patch resolves the issue where the Target ID contained the same ID as the Perpetrator ID in the Self Service Password Reset audit data on all HELP_DESK_DELETE_USER records. This issue affected only the Target ID field, not the TargetDN field. (Bug 1135264)

Clear Wordlist Button Does Not Work

This patch resolves the issue where the Clear Wordlist button that is under the Wordlist option in the Configuration Manager does not work. (Bug 1135811)

Fix for Memory Issues

This patch provides a /swap directory on the appliance to resolve memory issues with Self Service Password Reset. (Bug 1135829)

Help Desk Module Freezes when the User Accounts Do Not Have Contact Details

This patch resolves the issue where the Help Desk module freezes if the user accounts do not have the Mobile Number and Email Address fields populated. The Help Desk module now displays an error stating that these fields must be populated and the module does not freeze. (Bug 1132679)

Check Boxes in the People Search Module Columns Do Not Work

This patch resolves the issue in the People Search module where clicking the check box does not work, and you have to click the text of the check box instead. This patch allows you to click the check box to select the appropriate items for the People Search module. (Bug 1135640)

Check Boxes in the People Search Module Columns Are Hard To See

This patch resolves the issue where the check boxes for the columns in the People Search module are hard to see because they are gray on gray. In this patch, the check boxes are no longer gray. (Bug 1135707)

OTP Enrollment Cancel Button Does Not Work

This patch resolves the issue where the OTP enrollment Cancel button does not work. The Cancel button works after you apply this patch. (Bug 1134824)

No Scroll Bar in the People Search Module

This patch resolves the issue where there is no scroll bar in the People Search module when you view the details of users who have more attributes than the People Search module can display on one page. (Bug 1134919)

Missing Help for Settings in the People Search Module

This patch resolves the issue where the Settings option in the People Search module does not display the help. (Bug 1135936)

Tool Tips Appear Instead of an Error When the Text Fails the Regex Pattern

This patch resolves the issue where Self Service Password Reset shows a tool tip instead of an error when the text in a form field does not match the regex pattern. (Bug 1120578)

2.0 System Requirements

NetIQ Self Service Password Reset includes support for the following operating system versions:

  • Appliance: You can deploy the Self Service Password Reset appliance in the following virtual systems:

    • Hyper-V version 2016 (version 10 with the latest patches)

    • VMware ESX 6.5 or later

  • Windows .msi File: You can deploy the Self Service Password Reset .msi file on the following platforms:

    • Windows Server 2016

    • Windows Server 2012

    • Microsoft Azure Marketplace Windows 2016

  • WAR File: You can deploy the Self Service Password Reset WAR file on the following platforms:

    • Red Hat Enterprise Linux Server 7.4 or later (64-bit)

    • SUSE Linux Enterprise Server or later (64-bit)

      • 12 SP 3

      • 11 SP 4

    • Amazon Web Service EC2 SUSE Linux Enterprise Server 12 SP 3

      • Red Hat Enterprise Linux 7.4

      • SUSE Linux Enterprise Server 12 SP 3

For detailed information on system requirements, supported operating systems, and browsers, see Deployment Requirements of Self Service Password Reset in the Self Service Password Reset 4.4 Administration Guide.

3.0 Installing or Upgrading NetIQ Self Service Password Reset

To install Self Service Password Reset, see Installing Self Service Password Reset in the Self Service Password Reset 4.4 Installation Guide.

To upgrade your current deployment of Self Service Password Reset to this version, see Upgrading or Migrating Self Service Password Reset in the Self Service Password Reset 4.4 Installation Guide.

4.0 Verifying the Installation

Complete the following steps to verify that the installation was successful.

To check the installed version:

  1. Log in to the Self Service Password Reset administration console as an administrator.

  2. In the toolbar, click your name, then click Administration.

  3. Click the About tab, then verify that the SSPR Version is v 4.4.0.2 b366 r39762.

5.0 Known Issues

NetIQ Corporation strives to ensure that our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

5.1 Progress Indicators Are Not Shown or Do Not Show Correctly

Issue: When users save their challenge-response information, the browser does not show the progress indicators correctly. This happens only when using HTTPS and an unsigned certificate. (Bug 1113598)

Workaround: There are two possible workarounds to this issue.

  • Use a valid certificate or import a self-signed certificate into the browsers when using HTTPS.

  • In the Configuration Editor, change the setting Settings > Security > Web Security > Sticky Session Verification to Enabled - And pre-load browser cache. This second option causes Self Service Password Reset to pre-load the JavaScript, CSS files, and images at the beginning of a session.

5.2 Not Able to Connect to the LDAP Directory

Issue: Java 9 enables the LDAPS (LDAP over TLS) endpoint identification. If the subject name of the LDAP server certificate does not match the DNS name of the LDAP server, no LDAP connections can be made to the LDAP server. (Bug 1118684)

Solution: Update the subject name of the LDAP server certificate to match the DNS name of the LDAP server. We recommend this option to avoid any security issues.

Workaround: If you are not immediately able to update the name of the LDAP server certificate, see the following technical support document for other workarounds: 7023419.
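
The name comparison behind this issue, shown as an added example that is not part of the product or of these release notes: a simplified Python model of endpoint identification (DNS names only, subjectAltName preferred over the subject CN, wildcard only as the left-most label) run against constructed certificates in the `ssl.SSLSocket.getpeercert()` dictionary layout. The function names and sample host names are assumptions made for illustration, and Java's own checker may differ in detail.

```python
# Added example: simplified model of the LDAPS endpoint identification check.
# Certificates are dicts in the layout returned by ssl.SSLSocket.getpeercert().

def name_matches(cert_name, host):
    """Case-insensitive DNS comparison; '*' is honoured only as the whole
    left-most label and never directly above a top-level domain."""
    pattern = cert_name.lower().rstrip(".").split(".")
    target = host.lower().rstrip(".").split(".")
    if len(pattern) != len(target):
        return False
    if pattern[0] == "*":
        return len(pattern) > 2 and pattern[1:] == target[1:]
    return pattern == target

def cert_dns_names(cert):
    """Return (names, source). dNSName SAN entries win; the subject CN is
    consulted only when the certificate carries no dNSName entry."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans, "subjectAltName"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return cns, "commonName"

def check_ldap_endpoint(cert, ldap_host):
    """Report whether a connection to ldap_host would pass the name check."""
    names, source = cert_dns_names(cert)
    return {"host": ldap_host, "source": source, "names": names,
            "ok": any(name_matches(n, ldap_host) for n in names)}

# Constructed sample certificates (not taken from any real deployment).
CERT_CN_ONLY = {"subject": ((("organizationName", "Example"),),
                            (("commonName", "ldap01"),))}
CERT_WITH_SAN = {"subject": ((("commonName", "ldap01"),),),
                 "subjectAltName": (("DNS", "ldap01.example.com"),
                                    ("DNS", "*.dir.example.com"))}

if __name__ == "__main__":
    for cert, host in [(CERT_CN_ONLY, "ldap01.example.com"),
                       (CERT_CN_ONLY, "ldap01"),
                       (CERT_WITH_SAN, "ldap01.example.com"),
                       (CERT_WITH_SAN, "ldap01"),
                       (CERT_WITH_SAN, "r1.dir.example.com")]:
        r = check_ldap_endpoint(cert, host)
        print(f"{r['host']:22} {'OK' if r['ok'] else 'MISMATCH':9} "
              f"{r['source']}: {', '.join(r['names'])}")
```

The first case is the common failure: a certificate issued to a short host name while the LDAP URL uses the fully qualified name.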

5.3 Issues with Right-to-Left Text

Issue: With this release, there are issues with the right-to-left text in the Help Desk and People Search modules.

Solution: The right-to-left issues will be addressed in a future patch.

6.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

7.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright © 2019 NetIQ Corporation. All Rights Reserved.