Improper authentication following read-only user login


An improper authentication vulnerability [CWE-287] in FortiOS when configured with FortiAuthenticator in HA may allow an authenticated attacker with at least read-only permission to gain read-write access via successive login attempts.

Affected Products

FortiOS version 7.4.0 through 7.4.1
FortiOS version 7.2.0 through 7.2.6
FortiOS version 7.0.0 through 7.0.12


Please upgrade to FortiOS 7.4.2 or above
Please upgrade to FortiOS 7.2.7 or above
Please upgrade to FortiOS 7.0.13 or above
Workaround: Disable push notifications for FortiAuthenticator.
For RADIUS Authentication (from FortiAuthenticator): RADIUS Service > Policies > (select policy) > Authentication Factors > Advanced Options > Allow FortiToken Mobile push notifications


2024-02-22: Initial publication