CVE-2020-12812 - Improper Handling of Case Sensitivity vulnerability in Fortinet FortiOS
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Related news
- Fortinet patches bug letting attackers takeover servers remotely (source)
- Fortinet delays patching zero-day allowing remote server takeover (source)
- US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet (source)
- U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws (source)