A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of FortiMail Identity Based Encryption service may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials.
FortiMail 6.4.4 and below.
FortiMail 6.2.6 and below.
Please upgrade to FortiMail version 7.0.0 or above
Please upgrade to FortiMail version 6.4.5 or above