Cryptographic Key Vulnerability in FortiAuthenticator by Fortinet
CVE-2021-24005

4 MEDIUM

Key Information:

Vendor: Fortinet
CVE Published: 6 July 2021

Summary

The vulnerability involves the use of hard-coded cryptographic keys within FortiAuthenticator, enabling unauthorized access to sensitive configuration files and debug logs. Attackers with access to these files or the command-line interface (CLI) can decrypt protected data using knowledge of the embedded key. This flaw poses significant risks for data security and privacy, potentially leading to data breaches and unauthorized information disclosure.

Affected Version(s)

FortiAuthenticator versions before 6.3.0.

CVSS V3.1

Score: 4
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
