Описание
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.
Ссылки
- Broken Link
- Broken Link
Уязвимые конфигурации
Конфигурация 1Версия от 6.0.1 (включая) до 6.0.7 (включая)
Одно из
cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00395
Низкий
8.3 High
CVSS3
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
около 4 лет назад
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.
EPSS
Процентиль: 60%
0.00395
Низкий
8.3 High
CVSS3
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-200