Vulnerability Details CVE-2021-24005
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.0%
CVSS Severity
CVSS v3 Score 4.0
CVSS v2 Score 5.0
Products affected by CVE-2021-24005
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.0
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.1
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.2
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.3
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.4
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.5
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.6
-
cpe:2.3:a:fortinet:fortiauthenticator:6.0.7
-
cpe:2.3:a:fortinet:fortiauthenticator:6.1.0
-
cpe:2.3:a:fortinet:fortiauthenticator:6.1.1
-
cpe:2.3:a:fortinet:fortiauthenticator:6.1.2
-
cpe:2.3:a:fortinet:fortiauthenticator:6.2.0
-
cpe:2.3:a:fortinet:fortiauthenticator:6.2.1