FortiMail - Unauthenticated encryption in IBE leads to email plaintext recovery

ID FG-IR-21-003
Type fortinet
Reporter FortiGuard Labs
Modified 2021-07-07T00:00:00


A missing cryptographic step in FortiMail IBE may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible.