fortinet fortiauthenticator vulnerabilities and exploits
NA
CVE-2024-23664
A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow a malicious user to redirect users to an arbitrary website via a crafted URL.
8.8
CVSSv3
CVE-2023-46717
An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts.
Fortinet Fortios
1 Article
3.3
CVSSv3
CVE-2022-22302
A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 up to and including 6.4.1, 6.2.0 up to and including 6.2.9 and 6.0.0 up to and including 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a l...
Fortinet Fortios 6.4.0
Fortinet Fortios
Fortinet Fortiauthenticator 6.1.0
Fortinet Fortios 6.4.1
Fortinet Fortiauthenticator 5.5.0
Fortinet Fortiauthenticator
6.1
CVSSv3
CVE-2022-35850
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 up to and including 6.4.4, 6.3.0 up to and including 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated malicious user to trigger a ...
Fortinet Fortiauthenticator
5.3
CVSSv3
CVE-2023-26208
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated malicious user to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.
Fortinet Fortiauthenticator
6.1
CVSSv3
CVE-2022-22304
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated malicious user to perform an XSS attack via crafted HTTP GET requests.
Fortinet Fortiauthenticator Agent For Microsoft Outlook Web Access 2.2
Fortinet Fortiauthenticator Agent For Microsoft Outlook Web Access 2.1
8.8
CVSSv3
CVE-2021-26116
An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator prior to 6.3.1 may allow an authenticated malicious user to execute unauthorized commands via specifically crafted arguments to existing comman...
Fortinet Fortiauthenticator
4.3
CVSSv3
CVE-2021-36177
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same VLAN as the HA management interface to make an unauthenticated direct connection to the FAC's database.
Fortinet Fortiauthenticator
8.1
CVSSv3
CVE-2021-43068
An improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows a user to bypass the second factor of authentication via a RADIUS login portal.
Fortinet Fortiauthenticator 6.4.0
6.5
CVSSv3
CVE-2021-43067
An exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows a malicious user to duplicate a target LDAP user 2 factors authenticat...
Fortinet Fortiauthenticator
Fortinet Fortiauthenticator 6.1.0
Fortinet Fortiauthenticator 6.1.1
Fortinet Fortiauthenticator 6.1.2
Fortinet Fortiauthenticator 6.2.0
Fortinet Fortiauthenticator 6.2.1
Fortinet Fortiauthenticator 6.3.0
Fortinet Fortiauthenticator 6.3.1
Fortinet Fortiauthenticator 6.3.2
Fortinet Fortiauthenticator 6.4.0