PSIRTFortiTester - Missing account lockout on telnet port
Summary
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.
| Version | Affected | Solution |
|---|---|---|
| FortiTester 7.2 | Not affected | Upgrade to 7.2.0 or above |
| FortiTester 7.1 | 7.1.0 | Upgrade to 7.1.1 or above |
| FortiTester 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiTester 4.2 | 4.2.0 | Upgrade to 4.2.1 or above |
| FortiTester 4.1 | 4.1 all versions | Migrate to a fixed release |
| FortiTester 4.0 | 4.0 all versions | Migrate to a fixed release |
| FortiTester 3.9 | 3.9.0 through 3.9.1 | Upgrade to 3.9.2 or above |
| FortiTester 3.8 | 3.8 all versions | Migrate to a fixed release |
| FortiTester 3.7 | 3.7 all versions | Migrate to a fixed release |
| FortiTester 3.6 | 3.6 all versions | Migrate to a fixed release |
| FortiTester 3.5 | 3.5 all versions | Migrate to a fixed release |
| FortiTester 3.4 | 3.4 all versions | Migrate to a fixed release |
| FortiTester 3.3 | 3.3 all versions | Migrate to a fixed release |
| FortiTester 3.2 | 3.2 all versions | Migrate to a fixed release |
| FortiTester 3.1 | 3.1 all versions | Migrate to a fixed release |
| FortiTester 3.0 | 3.0 all versions | Migrate to a fixed release |
| FortiTester 2.9 | 2.9 all versions | Migrate to a fixed release |
| FortiTester 2.8 | 2.8 all versions | Migrate to a fixed release |
| FortiTester 2.7 | 2.7 all versions | Migrate to a fixed release |
| FortiTester 2.6 | 2.6 all versions | Migrate to a fixed release |
| FortiTester 2.5 | 2.5 all versions | Migrate to a fixed release |
| FortiTester 2.4 | 2.4 all versions | Migrate to a fixed release |
| FortiTester 2.3 | 2.3 all versions | Migrate to a fixed release |