CVE-2021-43067

Published: Dec 8, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.

Affected (10)

Products: Fortinet: Fortiauthenticator

Fortinet

1 product

Fortiauthenticator

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiauthenticator	From 6.0.1 to 6.0.7
Fortinet Fortiauthenticator	Version 6.1.0
Fortinet Fortiauthenticator	Version 6.1.1
Fortinet Fortiauthenticator	Version 6.1.2
Fortinet Fortiauthenticator	Version 6.2.0
Fortinet Fortiauthenticator	Version 6.2.1
Fortinet Fortiauthenticator	Version 6.3.0
Fortinet Fortiauthenticator	Version 6.3.1
Fortinet Fortiauthenticator	Version 6.3.2
Fortinet Fortiauthenticator	Version 6.4.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://fortiguard.com/advisory/FG-IR-21-211

Source: psirt@fortinet.com

Broken Link

https://fortiguard.com/advisory/FG-IR-21-211

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.