Use of Predictable Salt Vulnerability in FortiPortal by Fortinet
CVE-2021-32596

6MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiportal
Vendor: CVE Published:; 4 August 2021

What is CVE-2021-32596?

A vulnerability in the password storing mechanism of FortiPortal versions 6.0.0 to 6.04 exists due to the use of one-way hashing with a predictable salt. This flaw may allow an attacker, who has already gained access to the password store, to utilize precomputed tables to decrypt stored passwords, potentially compromising sensitive user accounts.

Affected Version(s)

Fortinet FortiPortal FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

References

https://fortiguard.com/advisory/FG-IR-21-094

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2021
Vulnerability Reserved
May 11, 2021