Lucene search
FortiGuard LabsFG-IR-21-099HistoryMar 01, 2022 - 12:00 a.m.
FortiPortal - Insecure password generation
2022-03-0100:00:00
FortiGuard Labs
www.fortiguard.com
19
0.003 Low
EPSS
Percentile
70.5%
The use of a cryptographically weak pseudo-random number generator (CWE-338) in the password reset feature of FortiPortal may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fortiportal | eq | 6.0.5 | |
| fortiportal | eq | 6.0.4 | |
| fortiportal | eq | 6.0.3 | |
| fortiportal | eq | 6.0.2 | |
| fortiportal | eq | 6.0.1 | |
| fortiportal | eq | 6.0.0 | |
| fortiportal | eq | 5.3.6 | |
| fortiportal | eq | 5.3.5 | |
| fortiportal | eq | 5.3.4 | |
| fortiportal | eq | 5.3.3 |
Related
prion
prion
Design/Logic Flaw
2022-03-01 18:15:00
nvd
nvd
CVE-2021-36171
2022-03-01 18:15:08
cve
cve
CVE-2021-36171
2022-03-01 18:15:08
cvelist
cvelist
CVE-2021-36171
2022-03-01 18:05:10