Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
Briefly

"Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to log in successfully without being prompted for the second factor of authentication if the case of the username was changed."
"- Local user entries on the FortiGate with 2FA, referencing back to LDAP
- The same users need to be members of a group on the LDAP server
- At least one LDAP group the two-factor users are a member of needs to be configured on FortiGate, and the group needs to be used in an authentication policy which could include for example administrative users, SSL, or IPSEC VPN"
CVE-2020-12812 is an improper-authentication flaw in FortiOS SSL VPN that can let a user bypass second-factor authentication by altering the case of the username. The root cause is inconsistent username matching between FortiGate local user entries and LDAP: FortiGate compares usernames case-sensitively while LDAP does not. Exploitation requires local FortiGate users with 2FA that reference LDAP, those users being members of an LDAP group, and at least one such LDAP group being configured on the FortiGate and used in an authentication policy. Multiple threat actors have exploited the weakness, and it was weaponized against perimeter devices in 2021.
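As an added illustration (not FortiOS code or Fortinet's own logic), this Python model reproduces the matching mismatch described above with constructed local-user and LDAP data, shows a case-normalizing lookup that closes the gap, and flags login names that differ from a local 2FA user only in case so a defender can spot such attempts in authentication logs.

```python
"""Model of the CVE-2020-12812 matching mismatch (constructed example, not FortiOS code).

Local FortiGate user entries that require 2FA are matched case-sensitively,
while the LDAP server matches usernames case-insensitively. A case-altered
login therefore misses the local 2FA entry but still authenticates via the
LDAP group named in the authentication policy.
"""

# Constructed data: local FortiGate users with 2FA that reference an LDAP server.
LOCAL_2FA_USERS = {"alice": {"two_factor": True, "ldap_server": "corp-ldap"}}

# Constructed LDAP backend: group membership keyed by lowercase name.
LDAP_GROUPS = {"vpn-users": {"alice", "bob"}}

# Lowercase -> canonical local username, used by the hardened path and the detector.
_LOCAL_BY_LOWER = {name.lower(): name for name in LOCAL_2FA_USERS}


def ldap_member(username: str, group: str) -> bool:
    """LDAP compares usernames case-insensitively."""
    return username.lower() in LDAP_GROUPS.get(group, set())


def vulnerable_login(username: str, group: str) -> dict:
    """Case-sensitive local lookup: a case-altered name never hits the 2FA entry."""
    local = LOCAL_2FA_USERS.get(username)  # exact-case match only
    authenticated = ldap_member(username, group)  # LDAP group from the auth policy
    if local is None:
        return {"authenticated": authenticated, "second_factor": False}
    return {"authenticated": authenticated, "second_factor": local["two_factor"]}


def hardened_login(username: str, group: str) -> dict:
    """Normalize case before the local lookup so the 2FA entry always applies."""
    canonical = _LOCAL_BY_LOWER.get(username.lower())
    local = LOCAL_2FA_USERS.get(canonical) if canonical else None
    authenticated = ldap_member(username, group)
    second_factor = bool(local and local["two_factor"])
    return {"authenticated": authenticated, "second_factor": second_factor}


def flag_case_variants(login_usernames: list[str]) -> list[str]:
    """Detection: login names that match a local 2FA user in everything but case."""
    return [
        name for name in login_usernames
        if name.lower() in _LOCAL_BY_LOWER and name != _LOCAL_BY_LOWER[name.lower()]
    ]
```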
Read at The Hacker News