Vulnerability CVE-2021-32596


Published: 2021-08-04

Description:
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.

Type:

CWE-916

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Fortinet -> Fortiportal 

 References:
https://fortiguard.com/advisory/FG-IR-21-094

Copyright 2024, cxsecurity.com

 

Back to Top