Fortinet: >> Fortitoken Mobile >> 5.1.0 Security Vulnerabilities
An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user.
CVSS Score
4.1
EPSS Score
0.002
Published
2022-03-02