| IR Number | FG-IR-20-220 |
| Date | Feb 16, 2023 |
| Severity |
Medium |
| CVSSv3 Score | 5.4 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2022-26115 |
| Affected Products |
FortiSandbox
:
4.0.3, 4.0.2, 4.0.1, 4.0.0, 3.2.4, 3.2.3, 3.2.2, 3.2.1, 3.2.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiSandbox - Improper password storage mechanism
Summary
A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.
Affected Products
FortiSandbox version 4.0.0 through 4.0.2FortiSandbox version 3.2.0 through 3.2.3
Solutions
Upgrade to FortiSandbox version 4.2.0 and above.