CVE-2021-24005

Published: Jul 6, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.

Affected (1)

Products: Fortinet: Fortiauthenticator

1 product

Fortiauthenticator

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiauthenticator	From 6.0.0 to 6.3.0

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://fortiguard.com/psirt/FG-IR-20-049

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-20-049

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.