Описание
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
Ссылки
- Vendor Advisory
- Vendor Advisory
- US Government Resource
Уязвимые конфигурации
Одно из
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
Уязвимость операционной системы FortiOS, связанная с недостатками процедуры аутентификации, позволяющая нарушителю войти в систему без запроса второго фактора аутентификации
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2