CVE-2021-24005 MEDIUM

Vendor: Fortinet
Product: FortiAuthenticator
Published: July 6, 2021
Last update: October 25, 2024

CVSS base score

4.0/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.

Key dates

02 Disclosure timeline

July 6, 2021: CVE published
October 25, 2024: Record updated