CVE-2021-43067
published 2021-12-08CVE-2021-43067: A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiauthenticator | — | — |
| fortinet | fortiauthenticator | — | — |
| fortinet | fortiauthenticator | — | — |
| fortinet | fortiauthenticator | — | — |
| fortinet | fortiauthenticator | — | — |
| fortinet | fortiauthenticator | — | — |
| fortinet | fortiauthenticator | — | — |
| fortinet | fortiauthenticator | — | — |
| fortinet | fortiauthenticator | — | — |
| fortinet | fortiauthenticator | — | — |
| fortinet | fortiauthenticator | 6.0.1 – 6.0.7 | — |
| fortinet | fortinet | — | — |
| fortinet | fortinet_fortiauthenticator | — | — |