Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fortiauthenticator
(Fortinet)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-11 | CVE-2022-35850 | An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page. | Fortiauthenticator | 6.1 | ||
| 2023-07-11 | CVE-2022-22302 | A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem. | Fortiauthenticator, Fortios | 3.3 | ||
| 2020-01-07 | CVE-2019-16154 | An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. | Fortiauthenticator | N/A | ||
| 2018-05-31 | CVE-2018-9186 | A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header. | Fortiauthenticator | 6.1 | ||
| 2015-02-03 | CVE-2015-1459 | Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. | Fortiauthenticator | N/A | ||
| 2015-02-03 | CVE-2015-1458 | Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. | Fortiauthenticator | N/A | ||
| 2015-02-03 | CVE-2015-1457 | Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | Fortiauthenticator | N/A | ||
| 2015-02-03 | CVE-2015-1456 | Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. | Fortiauthenticator | N/A | ||
| 2015-02-03 | CVE-2015-1455 | Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. | Fortiauthenticator | N/A | ||
| 2014-04-30 | CVE-2013-6990 | FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. | Fortiauthenticator | N/A |