FortiTester - Missing account lockout on telnet port

Summary

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.

Version Affected Solution
FortiTester 7.2 Not affected Not Applicable
FortiTester 7.1 7.1 all versions Migrate to a fixed release
FortiTester 7.0 7.0 all versions Migrate to a fixed release
FortiTester 4.2 4.2 all versions Migrate to a fixed release
FortiTester 4.1 4.1 all versions Migrate to a fixed release
FortiTester 4.0 4.0 all versions Migrate to a fixed release
FortiTester 3.9 3.9 all versions Migrate to a fixed release
FortiTester 3.8 3.8 all versions Migrate to a fixed release
FortiTester 3.7 3.7 all versions Migrate to a fixed release
FortiTester 3.6 3.6 all versions Migrate to a fixed release
FortiTester 3.5 3.5 all versions Migrate to a fixed release
FortiTester 3.4 3.4 all versions Migrate to a fixed release
FortiTester 3.3 3.3 all versions Migrate to a fixed release
FortiTester 3.2 3.2 all versions Migrate to a fixed release
FortiTester 3.1 3.1 all versions Migrate to a fixed release
FortiTester 3.0 3.0 all versions Migrate to a fixed release
FortiTester 2.9 2.9 all versions Migrate to a fixed release
FortiTester 2.8 2.8 all versions Migrate to a fixed release
FortiTester 2.7 2.7 all versions Migrate to a fixed release
FortiTester 2.6 2.6 all versions Migrate to a fixed release
FortiTester 2.5 2.5 all versions Migrate to a fixed release
FortiTester 2.4 2.4 all versions Migrate to a fixed release
FortiTester 2.3 2.3 all versions Migrate to a fixed release

Acknowledgement

Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team.