CVE-2015-1455 — Fortinet Fortiauthenticator vulnerability

CWE-2553 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiauthenticator

Timeline

PublishedFeb 3

Latest updateMay 17

Description

Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDfortinet/fortiauthenticator3.0.0

🔴Vulnerability Details

GHSA

GHSA-77mj-72fj-fgxg: Fortinet FortiAuthenticator 3↗2022-05-17

▶

CVEList

CVE-2015-1455: Fortinet FortiAuthenticator 3↗2015-02-03

▶