CVE-2021-26113

Published: Apr 6, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored.

Affected (1)

Products: Fortinet: Fortiwan

Fortinet

1 product

Fortiwan

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiwan	Before 4.5.9

Related CWEs

CWE-916

Use of Password Hash With Insufficient Computational Effort

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

References (2)

https://fortiguard.com/psirt/FG-IR-21-064

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-21-064

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.