Improper access control

2022-03-0210:15:00

PRIOn knowledge base

www.prio-n.com

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user’s password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user.

CPENameOperatorVersion
fortitoken_mobileeq5.1.0
fortitoken_mobileeq5.0.3
fortitoken_mobileeq5.0.2
fortitoken_mobileeq4.5.0
fortitoken_mobileeq4.4.0
fortitoken_mobileeq4.3.0
fortitoken_mobileeq4.2.2
fortitoken_mobileeq4.2.1
fortitoken_mobileeq4.1.1
fortitoken_mobileeq4.0.1

Name	Operator	Version
fortitoken_mobile	eq	5.1.0
fortitoken_mobile	eq	5.0.3
fortitoken_mobile	eq	5.0.2
fortitoken_mobile	eq	4.5.0
fortitoken_mobile	eq	4.4.0
fortitoken_mobile	eq	4.3.0
fortitoken_mobile	eq	4.2.2
fortitoken_mobile	eq	4.2.1
fortitoken_mobile	eq	4.1.1
fortitoken_mobile	eq	4.0.1

Rows per page:

1-10 of 111

References

fortiguard.com/psirt/FG-IR-21-210