PT-2022-19393 · Fortinet · Fortiproxy+1

Published

2022-09-06

Updated

2022-09-09

CVE-2022-29053

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiOS versions 7.0.0 through 7.2.0
FortiOS versions below 7.0.0

Description

A missing cryptographic steps issue in the functions that encrypt keytab files may allow an attacker in possession of the encrypted file to decipher it. This affects the encryption of keytab values in FortiOS and FortiProxy.

Recommendations

For FortiOS versions 7.0.0 through 7.2.0, update to a version that includes the necessary cryptographic steps to secure keytab files. For FortiOS versions below 7.0.0, update to a version that includes the necessary cryptographic steps to secure keytab files. As a temporary workaround, consider restricting access to the encrypted keytab files until a patch is available.

Fix

Related Identifiers

CVE-2022-29053

Affected Products

FortiOS
FortiProxy