CVE-2021-36171

Published: Mar 1, 2022Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.

Affected (8)

Products: Fortinet: Fortiportal

Fortinet

1 product

Fortiportal

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiportal	Up to 4.0.4
Fortinet Fortiportal	From 4.1.0 to 4.1.2
Fortinet Fortiportal	From 4.2.0 to 4.2.4
Fortinet Fortiportal	From 5.0.0 to 5.0.3
Fortinet Fortiportal	From 5.1.0 to 5.1.2
Fortinet Fortiportal	From 5.2.0 to 5.2.7
Fortinet Fortiportal	From 5.3.0 to 5.3.7
Fortinet Fortiportal	From 6.0.0 to 6.0.6

Related CWEs

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

References (2)

https://fortiguard.com/psirt/FG-IR-21-099

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-21-099

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.