PT-2021-23742 · Fortinet · Fortiauthenticator
Published: 2021-12-08 · Updated: 2021-12-09
CVE-2021-43067
CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Fortinet FortiAuthenticator versions 6.0.1 through 6.4.0
Description
The issue is an exposure of sensitive information to an unauthorized actor: an attacker can duplicate a target LDAP user's 2-factor authentication token via crafted HTTP requests.
Recommendations
For Fortinet FortiAuthenticator versions 6.0.1 through 6.4.0, update to a version that contains a fix for this issue to prevent the duplication of 2-factor authentication tokens.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Fortiauthenticator