CVE-2021-43067

A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:28

Type Values Removed Values Added
References () https://fortiguard.com/advisory/FG-IR-21-211 - Broken Link () https://fortiguard.com/advisory/FG-IR-21-211 - Broken Link
CVSS v2 : 4.3
v3 : 6.5
v2 : 4.3
v3 : 8.3

09 Dec 2021, 14:41

Type Values Removed Values Added
CPE cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*
References (CONFIRM) https://fortiguard.com/advisory/FG-IR-21-211 - (CONFIRM) https://fortiguard.com/advisory/FG-IR-21-211 - Broken Link
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.5
CWE CWE-200

08 Dec 2021, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-08 12:15

Updated : 2024-11-21 06:28


NVD link : CVE-2021-43067

Mitre link : CVE-2021-43067

CVE.ORG link : CVE-2021-43067


JSON object : View

Products Affected

fortinet

  • fortiauthenticator
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor