CVE-2020-12812 – Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

https://notcve.org/view.php?id=CVE-2020-12812

24 Jul 2020 — An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. Una vulnerabilidad de autenticación inapropiada en SSL VPN en FortiOS versiones 6.4.0, 6.2.0 a 6.2.3, 6.0.9 y posteriores, puede resultar en que un usuario sea capaz de iniciar sesión con éxito sin que sea requerido el segundo factor d... • https://fortiguard.com/psirt/FG-IR-19-283 • CWE-178: Improper Handling of Case Sensitivity CWE-287: Improper Authentication •