CVE-2020-12812

CRITICAL
2020-07-24 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 26, 2026 - 11:19 vuln.today
Added to CISA KEV
Oct 24, 2025 - 12:53 cisa
CISA KEV
CVE Published
Jul 24, 2020 - 23:15 nvd
CRITICAL 9.8

Description

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

Analysis

FortiOS SSL-VPN contains an improper authentication vulnerability that allows users to bypass two-factor authentication by changing the case of their username, undermining MFA security controls.

Technical Context

The CWE-178 case-sensitivity flaw means the 2FA lookup treats 'admin' and 'Admin' as different users. The password validation is case-insensitive (matching the AD backend), but the FortiToken association lookup is case-sensitive. Logging in with a different-case username passes password auth but skips the 2FA check.

Affected Products

['Fortinet FortiOS 6.4.0', 'Fortinet FortiOS 6.2.0 to 6.2.3', 'Fortinet FortiOS 6.0.9 and below']

Remediation

Upgrade FortiOS immediately. Review VPN authentication logs for case-variant login attempts. Ensure all remote access requires properly enforced MFA that cannot be bypassed through case manipulation.

Priority Score

59
Low Medium High Critical
KEV: +50
EPSS: +48.5
CVSS: +49
POC: 0

Share

CVE-2020-12812 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy