Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortiauthenticator vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-1456
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.
Fortinet Fortiauthenticator 3.0.0
NA
CVE-2015-1459
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote malicious users to inject arbitrary web script or HTML via the operation parameter to cert/scep/.
Fortinet Fortiauthenticator 3.0.0
NA
CVE-2015-1455
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote malicious users to obtain access via unspecified vectors.
Fortinet Fortiauthenticator 3.0.0
NA
CVE-2015-1457
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.
Fortinet Fortiauthenticator 3.0.0
NA
CVE-2015-1458
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command.
Fortinet Fortiauthenticator 3.0.0
8.1
CVSSv3
CVE-2021-43068
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal.
Fortinet Fortiauthenticator 6.4.0
7.5
CVSSv3
CVE-2021-22124
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 up to and including 3.2.2, 3.1.0 up to and including 3.1.4, and 3.0.0 up to and including 3.0.6; and FortiAuthenticator prior to 6.0.6 may allow an unauthenticated ma...
Fortinet Fortiauthenticator
Fortinet Fortisandbox
6.1
CVSSv3
CVE-2022-22304
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated malicious user to perform an XSS attack via crafted HTTP GET requests.
Fortinet Fortiauthenticator Agent For Microsoft Outlook Web Access 2.2
Fortinet Fortiauthenticator Agent For Microsoft Outlook Web Access 2.1
8.8
CVSSv3
CVE-2023-46717
An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts.
Fortinet Fortios
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2