CVE-2021-26099

Name of the Vulnerable Software and Affected Versions FortiMail versions prior to 7.0.0

Description The issue is related to missing cryptographic steps in the Identity-Based Encryption service of FortiMail, which may allow an attacker to compromise the confidentiality of encrypted master keys by observing a few invariant properties of the ciphertext. This vulnerability is associated with the use of defective cryptographic algorithms, potentially enabling a remote attacker to bypass encryption protection mechanisms and gain unauthorized access to protected information.

Recommendations For FortiMail versions prior to 7.0.0, update to version 7.0.0 or later to resolve the issue.