CVE-2023-26208

Published: Mar 9, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

Affected (1)

Products: Fortinet: Fortiauthenticator

1 product

Fortiauthenticator

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiauthenticator	From 5.4.0 to 6.5.0

Related CWEs

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (2)

https://fortiguard.com/psirt/FG-IR-20-078

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-20-078

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.