CVE-2023-45582

Name of the Vulnerable Software and Affected Versions FortiMail webmail versions 7.2.0 through 7.2.4 FortiMail webmail versions 7.0.0 through 7.0.6 FortiMail webmail versions before 6.4.8

Description An improper restriction of excessive authentication attempts may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts.

Recommendations For versions 7.2.0 through 7.2.4, consider restricting access to the login endpoint to minimize the risk of exploitation. For versions 7.0.0 through 7.0.6, consider implementing rate limiting on the login attempts to reduce the risk of brute force attacks. For versions before 6.4.8, consider disabling the webmail login functionality until a patch is available. As a temporary workaround, consider monitoring the login attempts and blocking suspicious activity to minimize the risk of exploitation.