Fortinet FortiAuthenticator Security Vulnerabilities
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.
CVSS Score: 4.0; EPSS Score: 0.001; Published: 2021-07-06
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page.
CVSS Score: 6.1; EPSS Score: 0.005; Published: 2020-01-07
A cross-site scripting (XSS) vulnerability in the "CSRF validation failure" page of Fortinet FortiAuthenticator versions 4.0.0 to before 5.3.0 allows an attacker to execute unauthorized script code by injecting malicious scripts in the HTTP Referer header.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2018-05-31
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.
CVSS Score: 4.3; EPSS Score: 0.004; Published: 2015-02-03
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command.
CVSS Score: 6.9; EPSS Score: 0.001; Published: 2015-02-03
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.
CVSS Score: 4.9; EPSS Score: 0.001; Published: 2015-02-03
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.
CVSS Score: 4.0; EPSS Score: 0.003; Published: 2015-02-03
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVSS Score: 7.5; EPSS Score: 0.007; Published: 2015-02-03
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.
CVSS Score: 9.0; EPSS Score: 0.003; Published: 2014-04-30


Shodan ® - All rights reserved