CVE-2021-32596

Summary

A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiPortalFortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0affected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References