DEV Community

Cover image for CVE-2020-12812: Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Freedom Coder
Freedom Coder

Posted on • Originally published at scyscan.com

CVE-2020-12812: Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

#fortinet #fortios #cybersecurity #vulnerability

CVE ID

CVE-2020-12812

Vulnerability Name

Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

  • Project: Fortinet
  • Product: FortiOS

Date

  • Date Added: 2021-11-03
  • Due Date: 2022-05-03

Description

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-12812

Related Security News

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

Top comments (0)