CVE-2021-32596
First published: Wed Aug 04 2021(Updated: )
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiPortal | >=6.0.0<=6.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-32596?
CVE-2021-32596 is a vulnerability in the password storing mechanism of FortiPortal versions 6.0.0 through 6.0.4 that may allow an attacker to decrypt stored passwords.
How severe is CVE-2021-32596?
CVE-2021-32596 has a severity score of 7.5 (high).
How does CVE-2021-32596 affect FortiPortal?
CVE-2021-32596 affects FortiPortal versions 6.0.0 through 6.0.4.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-32596?
The CWE ID for CVE-2021-32596 is 916.
How can I mitigate the CVE-2021-32596 vulnerability?
To mitigate the CVE-2021-32596 vulnerability, it is recommended to update FortiPortal to a version beyond 6.0.4 and follow Fortinet's security advisories.
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/type
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortiportal
- version/fortinet fortiportal/6.0.0
- version/fortinet fortiportal/6.0.4