An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-21-028 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Jul 2022, 17:42
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-330 |
09 Mar 2022, 13:55
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-287 | |
| References | (CONFIRM) https://fortiguard.com/psirt/FG-IR-21-028 - Vendor Advisory | |
| CPE | cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:* |
|
| First Time |
Fortinet
Fortinet fortimail |
|
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
01 Mar 2022, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties. |
01 Mar 2022, 18:56
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-03-01 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-36166
Mitre link : CVE-2021-36166
CVE.ORG link : CVE-2021-36166
JSON object : View
Products Affected
fortinet
- fortimail
CWE
CWE-330
Use of Insufficiently Random Values