CVE-2022-26115

Published: Feb 16, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.

Affected (7)

Products: Fortinet: Fortisandbox

Fortinet

1 product

Fortisandbox

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortisandbox	Version 3.2.0
Fortinet Fortisandbox	Version 3.2.1
Fortinet Fortisandbox	Version 3.2.2
Fortinet Fortisandbox	Version 3.2.3
Fortinet Fortisandbox	Version 4.0.0
Fortinet Fortisandbox	Version 4.0.1
Fortinet Fortisandbox	Version 4.0.2

Related CWEs

CWE-916

Use of Password Hash With Insufficient Computational Effort

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

References (2)

https://fortiguard.com/psirt/FG-IR-20-220

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-20-220

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.