35 matches found
CVE-2021-22131
An improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks...
EUVD-2017-12273
Malware in sbrugna...
EUVD-2021-31016
Malicious code in bioql PyPI...
CVE-2023-50178
An improper certificate validation vulnerability CWE-295 in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication...
CVE-2023-50178
An improper certificate validation vulnerability CWE-295 in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication...
CVE-2023-50178
FortiADC is affected by an improper certificate validation vulnerability (CWE-295) that may allow remote, unauthenticated attackers to perform a Man-in-the-Middle on the channel between FortiADC devices and remote servers (e.g., private SDN connectors, FortiToken Cloud). Connected sources consist...
CVE-2023-50178
An improper certificate validation vulnerability CWE-295 in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication...
PT-2024-13879 · Fortinet · Fortiadc
Name of the Vulnerable Software and Affected Versions: FortiADC versions 6.0 through 7.4.0 Description: The issue is related to an improper certificate validation, which may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the...
CVE-2021-22131
An improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks...
CVE-2021-22131
An improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks...
Fortinet FortiToken Mobile Trust Management Issue Vulnerability
Fortinet FortiToken Mobile is an OATH-compliant, event-based and time-based one-time password (OTP) generator application from U.S.-based Fortinet. A security vulnerability exists in Fortinet FortiToken Mobile that originates from incorrect certificate validation. A remote attacker could exploit th...
Fortinet FortiToken Mobile Access Control Error Vulnerability
Fortinet FortiToken Mobile is an OATH-compliant, event-based and time-based one-time password (OTP) generator application from Fortinet U.S.A. An access control error vulnerability exists in Fortinet FortiToken Mobile versions 5.1.0 and below, which stems from a network system or the product does n...
CVE-2021-44166
An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the...
CVE-2021-44166
An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the...
Improper access control
An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the...
CVE-2021-44166
An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the...
CVE-2021-44166
Summary: CVE-2021-44166 affects Fortinet FortiToken Mobile for Android (external push notification, versions ≤ 5.1.0). The root cause is an improper access control (CWE-284) that could allow a remote attacker who already has a user’s password to access the protected system during the 2FA flow, ev...
CVE-2021-44166
An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the...
Fortinet FortiToken Mobile Access Control Error Vulnerability
Fortinet FortiToken Mobile is an OATH-compliant, event-based and time-based one-time password (OTP) generator application from Fortinet U.S.A. An access control error vulnerability exists in Fortinet FortiToken Mobile versions 5.1.0 and below, which stems from a network system or the product does n...
FortiToken Mobile (Android) - Deny request approved from External push notification
An improper access control vulnerability CWE-284 in FortiToken Mobile Android external push notification may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user...