CVE-2020-12812

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-19-283 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*

History

13 Feb 2024, 17:25

Type Values Removed Values Added
CWE CWE-287

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-287 CWE-178

Information

Published : 2020-07-24 23:15

Updated : 2024-02-13 17:25


NVD link : CVE-2020-12812

Mitre link : CVE-2020-12812

CVE.ORG link : CVE-2020-12812


JSON object : View

Products Affected

fortinet

  • fortios
CWE
CWE-178

Improper Handling of Case Sensitivity

CWE-287

Improper Authentication