Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortiauthenticator vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2021-43068
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal.
Fortinet Fortiauthenticator 6.4.0
NA
CVE-2015-1456
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.
Fortinet Fortiauthenticator 3.0.0
NA
CVE-2015-1455
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote malicious users to obtain access via unspecified vectors.
Fortinet Fortiauthenticator 3.0.0
NA
CVE-2015-1457
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.
Fortinet Fortiauthenticator 3.0.0
NA
CVE-2015-1458
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command.
Fortinet Fortiauthenticator 3.0.0
NA
CVE-2015-1459
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote malicious users to inject arbitrary web script or HTML via the operation parameter to cert/scep/.
Fortinet Fortiauthenticator 3.0.0
7.5
CVSSv3
CVE-2021-22124
An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 up to and including 3.2.2, 3.1.0 up to and including 3.1.4, and 3.0.0 up to and including 3.0.6; and FortiAuthenticator prior to 6.0.6 may allow an unauthenticated ma...
Fortinet Fortiauthenticator
Fortinet Fortisandbox
6.1
CVSSv3
CVE-2022-22304
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated malicious user to perform an XSS attack via crafted HTTP GET requests.
Fortinet Fortiauthenticator Agent For Microsoft Outlook Web Access 2.2
Fortinet Fortiauthenticator Agent For Microsoft Outlook Web Access 2.1
NA
CVE-2024-23664
A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an malicious user to to redirect users to an arbitrary website via a crafted URL.
8.8
CVSSv3
CVE-2023-46717
An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts.
Fortinet Fortios
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2