Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

FortiAuthenticator Security Vulnerabilities

cve
cve

CVE-2022-22302

A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet...

3.3CVSS

3.4AI Score

0.0004EPSS

2023-07-11 09:15 AM
689
cve
cve

CVE-2022-35850

An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via.....

6.1CVSS

6AI Score

0.001EPSS

2023-04-11 05:15 PM
16
cve
cve

CVE-2023-26208

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login...

5.3CVSS

5.5AI Score

0.001EPSS

2023-03-09 03:15 PM
22
cve
cve

CVE-2022-22304

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET...

6.1CVSS

6AI Score

0.001EPSS

2022-07-18 05:15 PM
57
5
cve
cve

CVE-2021-26116

An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing...

8.8CVSS

8.8AI Score

0.002EPSS

2022-04-06 04:15 PM
48
cve
cve

CVE-2021-36177

An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's...

4.3CVSS

4.7AI Score

0.001EPSS

2022-02-02 11:15 AM
26
cve
cve

CVE-2021-43068

A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login...

8.1CVSS

8AI Score

0.001EPSS

2021-12-09 10:15 AM
20
cve
cve

CVE-2021-43067

A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted...

6.5CVSS

6.4AI Score

0.002EPSS

2021-12-08 12:15 PM
17
cve
cve

CVE-2021-22124

An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state...

7.5CVSS

7.5AI Score

0.001EPSS

2021-08-04 07:15 PM
37
cve
cve

CVE-2021-24005

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded...

7.5CVSS

7.4AI Score

0.002EPSS

2021-07-06 11:15 AM
21
cve
cve

CVE-2019-16154

An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon...

6.1CVSS

6AI Score

0.001EPSS

2020-01-07 07:15 PM
71
cve
cve

CVE-2018-9186

A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer...

6.1CVSS

6AI Score

0.001EPSS

2018-05-31 10:29 PM
19
cve
cve

CVE-2015-1456

Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at...

6.3AI Score

0.001EPSS

2015-02-03 04:59 PM
25
cve
cve

CVE-2015-1459

Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to...

5.8AI Score

0.006EPSS

2015-02-03 04:59 PM
20
cve
cve

CVE-2015-1455

Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified...

6.8AI Score

0.007EPSS

2015-02-03 04:59 PM
20
cve
cve

CVE-2015-1457

Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig...

6.4AI Score

0.0004EPSS

2015-02-03 04:59 PM
22
cve
cve

CVE-2015-1458

Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell"...

6.7AI Score

0.0004EPSS

2015-02-03 04:59 PM
21
cve
cve

CVE-2013-6990

FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line...

7.2AI Score

0.001EPSS

2014-04-30 02:22 PM
13