Cryptographic Flaw in FortiMail's Identity-Based Encryption Service
CVE-2021-26099

4.4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortimail
Vendor: CVE Published:; 12 July 2021

What is CVE-2021-26099?

A security vulnerability exists in the Identity-Based Encryption service of FortiMail prior to version 7.0.0. This flaw may enable an attacker who gains access to the encrypted master keys to breach their confidentiality. By analyzing specific invariant properties of the ciphertext produced by the service, an adversary could potentially compromise sensitive information.

Affected Version(s)

Fortinet FortiMail FortiMail before 7.0.0

References

https://fortiguard.com/advisory/FG-IR-20-244

x_refsource_CONFIRM

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2021
Vulnerability Reserved
Jan 25, 2021