Skip to main content

Fortiauthenticator CVE-2021-43068

HIGH
Improper Authentication (CWE-287)
2021-12-09 psirt@fortinet.com
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 09, 2021 - 10:15 nvd
HIGH 8.1

DescriptionNVD

A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal.

AnalysisAI

A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal. Affected products include: Fortinet Fortiauthenticator. Version information: version 6.4.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2015-1458 MEDIUM POC
6.9 Feb 03

Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tm

CVE-2013-6990 CRITICAL
9.0 Apr 30

FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.

CVE-2015-1457 MEDIUM POC
4.9 Feb 03

Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. Rated m

CVE-2015-1459 MEDIUM POC
4.3 Feb 03

Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrar

CVE-2015-1455 HIGH
7.5 Feb 03

Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www

CVE-2025-53379 HIGH
7.5 Jul 14

Information disclosure in Fortinet FortiAuthenticator (6.5 all versions and 6.6.0–6.6.2) lets a remote unauthenticated a

CVE-2021-22124 HIGH
7.5 Aug 04

An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 throug

CVE-2021-24005 HIGH
7.5 Jul 06

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions befo

CVE-2026-21743 HIGH
7.2 Feb 10

FortiAuthenticator 6.3 through 6.6.6 allows read-only users to modify local user accounts by uploading files to an unpro

CVE-2021-43067 MEDIUM
6.5 Dec 08

A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2

CVE-2024-23664 MEDIUM
6.1 Jun 03

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and be

CVE-2018-9186 MEDIUM
6.1 May 31

A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF valida

Share

CVE-2021-43068 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy