A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 up to and including 6.4.4, and 6.2.0 up to and including 6.2.7 may allow an unauthenticated malicious user to tamper with signed URLs by appending further data which allows bypass of signature verification.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortimail |