CVE-2022-26115Use of Password Hash With Insufficient Computational Effort in Fortinet Fortisandbox

CWE-916Use of Password Hash With Insufficient Computational Effort4 documents4 sources
Severity
7.5HIGHNVD
CNA5.9
EPSS
0.2%
top 64.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortisandbox
Timeline
PublishedFeb 16

Description

A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5fortinet/fortisandbox4.0.04.0.2+1
NVDfortinet/fortisandbox7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-335q-v5r7-xq5p: A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 42023-02-16
CVEList
CVE-2022-26115: A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 42023-02-16

📋Vendor Advisories

1
Fortinet
Improper password storage mechanism2023-02-16
CVE-2022-26115 — Fortinet Fortisandbox vulnerability | cvebase