2 matches found
Incorrect Implementation of Authentication Algorithm
Overview: Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm. An attacker can gain unauthorized access to another user's account by leveraging a specially crafted email address when switching authentication methods and sending a request to the...
FortiAuthenticator - "Mandatory password and OTP" setting not enforcing OTP on unimported remote users
An incorrect implementation of authentication algorithm vulnerability (CWE-303) in FortiAuthenticator may allow a user whose LDAP account is unimported to bypass the second factor of authentication via a RADIUS login portal...