Описание
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 6.0.0 (включая) до 6.0.4 (включая)
cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00083
Низкий
6 Medium
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-916
Связанные уязвимости
github
больше 3 лет назад
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.
EPSS
Процентиль: 24%
0.00083
Низкий
6 Medium
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-916