CVE-2021-43067: Infoleak
First published: Wed Dec 08 2021(Updated: )
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.
Credit: psirt@fortinet.com psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiAuthenticator | >=6.0.1<=6.0.7 | |
| Fortinet FortiAuthenticator | =6.1.0 | |
| Fortinet FortiAuthenticator | =6.1.1 | |
| Fortinet FortiAuthenticator | =6.1.2 | |
| Fortinet FortiAuthenticator | =6.2.0 | |
| Fortinet FortiAuthenticator | =6.2.1 | |
| Fortinet FortiAuthenticator | =6.3.0 | |
| Fortinet FortiAuthenticator | =6.3.1 | |
| Fortinet FortiAuthenticator | =6.3.2 | |
| Fortinet FortiAuthenticator | =6.4.0 | |
| >=6.0.1<=6.0.7 | ||
| =6.1.0 | ||
| =6.1.1 | ||
| =6.1.2 | ||
| =6.2.0 | ||
| =6.2.1 | ||
| =6.3.0 | ||
| =6.3.1 | ||
| =6.3.2 | ||
| =6.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-43067?
CVE-2021-43067 is a vulnerability in Fortinet FortiAuthenticator that allows an unauthorized actor to duplicate a target LDAP user's 2-factor authentication token via crafted HTTP requests.
What versions of Fortinet FortiAuthenticator are affected by CVE-2021-43067?
Fortinet FortiAuthenticator versions 6.4.0, 6.3.2 and below, 6.2.1 and below, 6.1.2 and below, and 6.0.7 to 6.0.1 are affected by CVE-2021-43067.
What is the severity of CVE-2021-43067?
CVE-2021-43067 has a severity rating of 6.5 (high).
How can an attacker exploit CVE-2021-43067?
An attacker can exploit CVE-2021-43067 by sending crafted HTTP requests to duplicate a target LDAP user's 2-factor authentication token.
Is there a fix available for CVE-2021-43067?
Yes, Fortinet has released patches to address CVE-2021-43067. It is recommended to update to the latest version of Fortinet FortiAuthenticator.
- collector/nvd-index
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortiauthenticator
- version/fortinet fortiauthenticator/6.0.1
- version/fortinet fortiauthenticator/6.0.7
- version/fortinet fortiauthenticator/6.1.0
- version/fortinet fortiauthenticator/6.1.1
- version/fortinet fortiauthenticator/6.1.2
- version/fortinet fortiauthenticator/6.2.0
- version/fortinet fortiauthenticator/6.2.1
- version/fortinet fortiauthenticator/6.3.0
- version/fortinet fortiauthenticator/6.3.1
- version/fortinet fortiauthenticator/6.3.2
- version/fortinet fortiauthenticator/6.4.0