FortiAuthenticator - "Mandatory password and OTP" setting not enforcing OTP on unimported remote users
Summary
An incorrect implementation of authentication algorithm vulnerability [CWE-303] in FortiAuthenticator may allow a user whose LDAP account is unimported to bypass the second factor of authentication via a RADIUS login portal.
Version | Affected | Solution |
---|---|---|
FortiAuthenticator 6.4 | 6.4.0 | Upgrade to 6.4.1 or above |