PSIRT Advisories
FortiMail - Administrative authentication bypass
Summary
An improper authentication vulnerability [CWE-287] in FortiMail may allow a remote attacker to efficiently guess an administrative account's authentication token by observing certain system properties.
Affected Products
FortiMail version 7.0.0 and below.
FortiMail version 6.4.5 and below.
FortiMail version 6.2.7 and below.
FortiMail version 6.0.11 and below.
FortiMail version 5.4.12 and below.
Solutions
Upgrade to FortiMail version 7.0.1.
Upgrade to FortiMail version 6.4.6.
Upgrade to FortiMail version 6.2.8.
Upgrade to FortiMail version 6.0.12.