PT-2020-6439 · Fortinet · FortiOS

Published: 2020-07-13 · Updated: 2026-01-06 · CVE-2020-12812

CVSS v3.1: 10.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiOS versions 6.0.0 through 6.0.9
FortiOS versions 6.2.0 through 6.2.3
FortiOS version 6.4.0
Description

An improper authentication issue exists in the SSL VPN functionality of FortiOS. It allows attackers to bypass two-factor authentication (2FA) by changing the case of their username during login, particularly in configurations that use LDAP for authentication. The vulnerability, tracked as CVE-2020-12812, has been actively exploited since 2020 and continues to be a threat, with reports of ongoing exploitation in late 2025. The issue arises from inconsistent case-sensitive matching between the FortiGate firewall and the LDAP directory server: the firewall treats differently cased spellings of a username as distinct accounts, while the directory treats them as the same account. Successful exploitation can grant unauthorized access to VPN resources and potentially to administrative accounts. Threat actors, including the GoldenJackal group, have been observed leveraging this vulnerability. Approximately 5.7 million Fortinet Firewall instances are exposed. The API endpoint used for authentication is susceptible to this issue, with the `username` parameter being a key factor in the bypass. The `checkPassword()` function is implicated in the authentication process.
Recommendations

FortiOS versions 6.0.0 through 6.0.9: update to a version later than 6.0.9.
FortiOS versions 6.2.0 through 6.2.3: update to a version later than 6.2.3.
FortiOS version 6.4.0: update to a version later than 6.4.0.
Disable username case sensitivity in the FortiOS configuration.
Remove the secondary LDAP group if it is not required.
Audit logs for unusual login activity or 2FA bypass attempts.
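As an added example (not part of this advisory or of any Fortinet tooling), the following Python script shows one way to carry out the log audit recommended above: it scans SSL VPN login records for usernames that differ from the directory spelling only in case, or for one account appearing under several spellings, which is the trace this bypass leaves behind. The simplified key=value log format, the sample lines and the canonical-username set are all constructed assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed, simplified key=value SSL VPN event lines (not real FortiGate output).
SAMPLE_LOGS = """\
date=2025-11-03 time=08:14:02 type="event" subtype="vpn" action="ssl-login" status="success" user="jdoe" remip="203.0.113.10"
date=2025-11-03 time=08:14:40 type="event" subtype="vpn" action="ssl-login" status="success" user="JDoe" remip="198.51.100.7"
date=2025-11-03 time=09:02:11 type="event" subtype="vpn" action="ssl-login" status="success" user="asmith" remip="203.0.113.22"
date=2025-11-03 time=09:30:55 type="event" subtype="vpn" action="ssl-login" status="failure" user="Asmith" remip="198.51.100.9"
date=2025-11-03 time=10:11:03 type="event" subtype="vpn" action="ssl-login" status="success" user="bchen" remip="203.0.113.30"
"""

# Constructed canonical spellings as stored in the LDAP directory (assumption for the example).
CANONICAL_USERS = {"jdoe", "asmith", "bchen"}

# key="quoted value" or key=barevalue
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value log line into a dict; quoted and bare values both handled."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in KV_RE.finditer(line)}

def find_case_variant_logins(raw_logs, canonical):
    """Flag SSL VPN logins whose username differs only in case from the directory
    spelling, or where one account is seen under more than one spelling."""
    events = [parse_line(l) for l in raw_logs.splitlines() if l.strip()]
    logins = [ev for ev in events if ev.get("action") == "ssl-login" and "user" in ev]
    # All spellings seen per case-folded account name.
    spellings = defaultdict(set)
    for ev in logins:
        spellings[ev["user"].casefold()].add(ev["user"])
    findings = []
    for ev in logins:
        user, folded, reasons = ev["user"], ev["user"].casefold(), []
        if folded in canonical and user not in canonical:
            reasons.append("spelling differs from directory entry")
        if len(spellings[folded]) > 1:
            reasons.append("account seen under multiple spellings")
        if reasons:
            findings.append({"time": f'{ev["date"]} {ev["time"]}', "user": user,
                             "status": ev.get("status"), "remip": ev.get("remip"),
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_case_variant_logins(SAMPLE_LOGS, CANONICAL_USERS):
        print(finding)
```

Failed attempts are reported alongside successes so that probing of an account's case variants is visible even before a bypass succeeds.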

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2021-04724
CVE-2020-12812

Affected Products

FortiOS