Operational Defect Database
BugZero found this defect 2908 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA10H000000g3gESAQ
CLI incorrectly lets you add Firebox-DB entries to Authorized Users and Groups
Last update date:
6/2/2016
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
11.x
11.10.x
11.10
11.10.1
11.10.2
11.10.3
11.10.4
11.10.5
11.10.6
11.10.7
Fixed releases:
All
Description:
Issue
When you use the Command Line Interface, or CLI, to configure the Firebox, you can add users and groups for the Firebox-DB internal authentication database with the auth-user-group command. This is a problem because Firebox-DB users and groups must be added with the users and user-group commands. Any users or groups that you add with the CLCI auth-user-group command will not work correctly, but it is not possible to remove them from Fireware Web UI or Policy Manager.
Workaround/Solution
You can use the CLI to remove the incorrectly added users and groups. For example, if you used the command:auth-user-group jackp user Firebox-DB description Chief_Executive_Officerto add the user, you can use the command:no auth-user-group jackp user Firebox-DB to remove the user.
