CVE-2021-44166

An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the...

CVE-2021-44166

An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the...

CVE-2021-44166

Summary: CVE-2021-44166 affects Fortinet FortiToken Mobile for Android (external push notification, versions ≤ 5.1.0). The root cause is an improper access control (CWE-284) that could allow a remote attacker who already has a user’s password to access the protected system during the 2FA flow, ev...

FortiToken Mobile (Android) - Deny request approved from External push notification

An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user...