Vulnerability CVE-2021-44166
Published: 2022-03-02

Description:
An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user.

 References:
https://fortiguard.com/psirt/FG-IR-21-210
Copyright 2026, cxsecurity.com

 

Back to Top