An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 up to and including 4.1.1, 4.0.0 up to and including 4.0.2, 3.3.0 up to and including 3.3.3, 3.2.0 up to and including 3.2.2,3.1.0 up to and including 3.1.1 and 3.0.0 up to and including 3.0.2 may allow a remote malicious user to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortideceptor 3.1.0 |
||
fortinet fortisandbox 3.2.2 |
||
fortinet fortisandbox 3.2.0 |
||
fortinet fortisandbox 3.2.1 |
||
fortinet fortideceptor 3.1.1 |
||
fortinet fortideceptor 4.1.0 |
||
fortinet fortideceptor 4.1.1 |
||
fortinet fortideceptor 4.2.0 |
||
fortinet fortideceptor |
||
fortinet fortisandbox |
||
fortinet fortisandbox 3.2.3 |