Vulnerabilities > CVE-2022-26115 - Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortisandbox

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
fortinet
CWE-916
NVD
Published: 2023-02-16
Updated: 2023-11-07

Summary

A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.

Vulnerable Configurations

Part Description Count
Application
Fortinet
7

Common Weakness Enumeration (CWE)

References