CVE-2017-7731

Published: May 27, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.

Affected (1)

Products: Fortinet: Fortiportal

Fortinet

1 product

Fortiportal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiportal	Up to 4.0.0

Related CWEs

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (2)

https://fortiguard.com/psirt/FG-IR-17-114

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-17-114

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.