FortiAuthenticator, FortiDeceptor & FortiMail - Improper restriction over excessive authenticationÂ attempts

2023-03-0700:00:00

FortiGuard Labs

www.fortiguard.com

vulnerability

fortiauthenticator

fortideceptor

fortimail

cpu

memory

http requests

0.001 Low

EPSS

Percentile

46.9%

JSON

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiAuthenticator, FortiDeceptor & FortiMail may allow a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

CPENameOperatorVersion
fortimaileq6.4.0
fortimaileq6.2.4
fortimaileq6.2.3
fortimaileq6.2.2
fortimaileq6.2.1
fortimaileq6.0.9
fortimaileq6.0.8
fortimaileq6.0.7
fortimaileq6.0.6
fortimaileq6.0.5

Name	Operator	Version
fortimail	eq	6.4.0
fortimail	eq	6.2.4
fortimail	eq	6.2.3
fortimail	eq	6.2.2
fortimail	eq	6.2.1
fortimail	eq	6.0.9
fortimail	eq	6.0.8
fortimail	eq	6.0.7
fortimail	eq	6.0.6
fortimail	eq	6.0.5

Rows per page:

1-10 of 781

0.001 Low

EPSS

Percentile

46.9%

JSON

Related for FG-IR-20-078