PT-2021-19800 · Fortinet · Fortiportal

Published

2021-08-04

Updated

2021-08-10

CVE-2021-32596

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions FortiPortal versions 6.0.0 through 6.04

Description A use of one-way hash with a predictable salt vulnerability in the password storing mechanism may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.

Recommendations For FortiPortal versions 6.0.0 through 6.04, consider updating to a version that uses a secure password storing mechanism with an unpredictable salt to prevent decryption of passwords by means of precomputed tables. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-916

Related Identifiers

CVE-2021-32596

Affected Products

Fortiportal

PT-2021-19800 · Fortinet · Fortiportal

CVE-2021-32596

Weakness Enumeration

Related Identifiers

Affected Products

References · 5