PT-2023-12861 · Fortinet · Fortisandbox

Publicado

2023-02-16

Atualizado

2023-02-24

CVE-2022-26115

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions FortiSandbox versions prior to 4.2.0

Description The issue is related to the use of password hash with insufficient computational effort, allowing an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.

Recommendations For versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the password database to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-916

Identificadores relacionados

CVE-2022-26115

Produtos afetados

Fortisandbox

PT-2023-12861 · Fortinet · Fortisandbox

CVE-2022-26115

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4