Improper authentication following read-only user login
Summary
An improper authentication vulnerability [CWE-287] in FortiOS when configured with FortiAuthenticator in HA may allow an authenticated attacker with at least read-only permission to gain read-write access via successive login attempts.
Affected Products
FortiOS version 7.4.0 through 7.4.1
FortiOS version 7.2.0 through 7.2.6
FortiOS version 7.0.0 through 7.0.12
Solutions
Please upgrade to FortiOS 7.4.2 or above
Please upgrade to FortiOS 7.2.7 or above
Please upgrade to FortiOS 7.0.13 or above
Workaround: Disable push notifications for FortiAuthenticator.
For RADIUS Authentication (from FortiAuthenticator): RADIUS Service > Policies > (select policy) > Authentication Factors > Advanced Options > Allow FortiToken Mobile push notifications (disable)
Timeline
2024-02-22: Initial publication