CVE-2020-12812
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
- Public Exploits: 0
- Exploited in Wild: Yes
Descriptions
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to log in successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.
Timeline
- 2020-05-12 CVE Reserved
- 2020-07-24 CVE Published
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-02-14 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-178: Improper Handling of Case Sensitivity
- CWE-287: Improper Authentication
References (1)
URL | Date | SRC |
---|---|---|
https://fortiguard.com/psirt/FG-IR-19-283 | 2024-02-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fortinet | Fortios | < 6.0.10 | - | Affected |
Fortinet | Fortios | >= 6.2.0 < 6.2.4 | - | Affected |
Fortinet | Fortios | 6.4.0 | - | Affected |