37 matches found
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication FortiToken if they change the case in their username...
The vulnerability of the FortiOS operating system, related to deficiencies in authentication procedures, allows attackers to gain access to the system without requiring a second authentication factor.
The vulnerability of the FortiOS operating system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain access to the system remotely, without requiring a second authentication factor FortiToken...
VulnCheck KEV: CVE-2020-12812
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication FortiToken if they change the case in their username...
Fortinet FortiOS < 6.0.10 / 6.2.x < 6.2.4 / 6.4.x < 6.4.1 Improper Authentication (FG-IR-19-283)
The remote host is running a version of FortiOS prior to 6.0.10, 6.2.x prior to 6.2.4, or 6.4.x prior to 6.4.1. It is, therefore, affected by an improper authentication vulnerability due to an issue with the 'username-case-sensitivity' CLI attribute for the SSL VPN. An unauthenticated, remote...
Fortinet FortiOS SSL VPN Authorization Issues Vulnerability
Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam, etc. SSL VPN is one of the virtual private netwo...
CVE-2020-12812
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication FortiToken if they changed the case of their username...
CVE-2020-12812
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication FortiToken if they changed the case of their username...
Protect
An improper authentication vulnerability in SSL VPN in FortiOS may result in a user being able to log in successfully without being prompted for the second factor of authentication FortiToken if they changed the case of their username...
PT-2020-6439
Name of the Vulnerable Software and Affected Versions FortiOS versions 6.0.0 through 6.0.9 FortiOS versions 6.2.0 through 6.2.3 FortiOS version 6.4.0 Description An improper authentication issue exists in the SSL VPN functionality of FortiOS. This allows attackers to bypass two-factor...
The vulnerability in the FortiOS operating system’s web interface allows a hacker to inject any desired JavaScript or HTML code.
The vulnerability in the FortiOS operating system’s web interface stems from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code during the activation of FortiToken using the “action” parameter...
CVE-2017-3132
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken...
Cross site scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken...
CVE-2017-3132
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken...
CVE-2017-3132
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken...
CVE-2017-3132
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken...
FortiOS XSS vulnerabilities via FortiView Application filter, FortiToken activation & SSL VPN Replacement Messages
Three XSS vulnerabilities...
Fortinet FortiAuthenticator Appliance Command Execution Vulnerability
Fortinet FortiAuthenticator is a family of secure authentication software from Fortinet that can be combined with FortiToken two-factor authentication token to provide secure two-factor authentication to third-party devices authenticated via RADIUS or LDAP. A command execution vulnerability exist...