NetIQ Self Service Password Reset 4.5 Patch Update 3 Release Notes

October 2020

NetIQ Self Service Password Reset 4.5 Patch Update 3 resolves several previous issues.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the NetIQ Self Service Password Reset forum on Micro Focus Forums, our online community that also includes product information, blogs, and links to helpful resources.

The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the NetIQ Self Service Password Reset Documentation page. To download this product, see the NetIQ Downloads website.

1.0 What’s New?

NetIQ Self Service Password Reset 4.5 Patch Update 3 includes the following improvements and fixes:

1.1 Security Improvements

NetIQ Self Service Password Reset 4.5 Patch Update 3 includes the following security improvement:

Sensitive Information Disclosure in Specific Product Configuration

Sensitive information disclosure in specific product configuration. For more information CVE-2020-25837.

1.2 Software Fixes

NetIQ Self Service Password Reset 4.5 Patch Update 3 includes the following software fixes:

The Application Forces to Logout

When browsing the organization chart after eliminating the unmatched users, the application forces the user to logout. This happens due to incorrect handling of People Search LDAP Filter.

Not Displaying CAPTCHA

When a user tries to log in after enabling CAPTCHA and setting the CAPTCHA Intruder Attempt Trigger count, the login page does not display CAPTCHA when the user exceeds the intruder attempt count.

The following message is displayed when the user tries to log in without CAPTCHA:

An error occurred while validating CAPTCHA response. Please close your browser and try again. If this error occurs repeatedly contact your help desk.

5032 ERROR_CAPTCHA_API_ERROR (missing recaptcha response)

Users Cannot Disable SMS while Changing Password or Profile

The SMS feature is enabled by default for changing passwords or profiles, and users cannot disable it.

Application Does Not Mask the Token

The user activation token page does not mask the tokens even after the Mask Token Input Fields configuration is enabled.

Users Cannot Access the HaveIBeenPwned Database

Users are not able to reach the HaveIBeenPwned database after enabling ExternalBreach database check in their deployments. After this patch, users can reach HaveIBeenPwned database in their deployments.

2.0 System Requirements

This release includes support for the following operating systems:

  • Appliance: You can deploy the Self Service Password Reset appliance in the following virtual systems:

    • Hyper-V version 4.0

    • VMware ESX 6.5 or later

  • Windows .msi File: You can deploy the Self Service Password Reset .msi file on the following platforms:

    • Windows Server 2012

    • Windows Server 2016

    • Windows Server 2019

    • Amazon Web Services EC2 Windows 2016

    • Microsoft Azure Marketplace Windows 2016

  • WAR File: You can deploy the Self Service Password Reset WAR file on the following platforms:

    • Red Hat Enterprise Linux Server 7.4 or later (64-bit)

    • Red Hat Enterprise Linux Server 8.1

    • SUSE Linux Enterprise Server

      • 12 SP3, 12 SP4, and 12 SP5 (64-bit)

      • 11 SP4 or later (64-bit)

    • Amazon Web Services EC2 SUSE Linux Enterprise Server 12 SP3

      • Red Hat Enterprise Linux 7.4

      • SUSE Linux Enterprise Server 12 SP3

    • Microsoft Azure Marketplace

      • Red Hat Enterprise Linux 7.4

      • SUSE Enterprise Server 12 SP3

For detailed information about system requirements, supported operating systems, and browsers, see Deployment Requirements of Self Service Password Reset in the Self Service Password Reset 4.5 Installation Guide.

3.0 Installing or Upgrading NetIQ Self Service Password Reset

To install Self Service Password Reset, see Installing Self Service Password Reset in the Self Service Password Reset 4.5 Installation Guide.

To upgrade to Self Service Password Reset 4.5 Patch Update 3, you need to be on one of the following versions:

  • Self Service Password Reset 4.5 Patch Update 2

  • Self Service Password Reset 4.5 Patch Update 1

  • Self Service Password Reset 4.5

For more information to upgrade to Self Service Password Reset 4.5 Patch Update 3 from Self Service Password Reset 4.4.x or before, see Automatically Upgrading Self Service Password Reset.

4.0 Verifying the Installation

  1. Log in to the Self Service Password Reset administration console as an administrator.

  2. In the toolbar, click your name and then click Administration.

  3. Click the About tab and then verify that the SSPR Version is the latest one.

5.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

6.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see http://www.microfocus.com/about/legal/.

Copyright © 2020 NetIQ Corporation. All Rights Reserved.