#2fa-bypass

[ follow ]
#cve-2020-12812 #ldap #fortios #ssl-vpn #fortios-ssl-vpn #phishing-as-a-service #credential-interception
Information security
fromTechzine Global
1 week ago

Attackers exploit five-year-old Fortinet vulnerability

A critical FortiOS SSL VPN flaw (CVE-2020-12812) allows 2FA bypass via username changes; patches have existed since 2020 but many systems remain unpatched.
Information security
fromThe Hacker News
2 weeks ago

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

CVE-2020-12812 allows LDAP users with 2FA on FortiGate SSL VPN to bypass second-factor authentication when username case mismatches under specific configurations.
Information security
fromThe Hacker News
3 months ago

Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises

Salty2FA is a PhaaS phishing kit that bypasses push, SMS, and voice 2FA to intercept credentials and codes, enabling high-impact account takeovers across industries.
[ Load more ]