Vulnerabilities > CVE-2021-32596 - Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortiportal

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

fortinet

CWE-916

NVD

Published: 2021-08-04

Updated: 2021-08-10

Summary

A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.

Vulnerable Configurations

Part	Description	Count
Application	Fortinet Fortinet Fortiportal 6.0.0 Fortinet Fortiportal 6.0.1 Fortinet Fortiportal 6.0.2 Fortinet Fortiportal 6.0.3 Fortinet Fortiportal 6.0.4	5

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

https://fortiguard.com/advisory/FG-IR-21-094