FortiMail - Potential Remote_wildcard RADIUS login bypass in FortiMail 7.4.0

Summary

An improper access control vulnerability [CWE-284] in FortiMail configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.

Version          Affected    Solution
FortiMail 7.4    7.4.0       Upgrade to 7.4.1 or above

Timeline

2023-12-12: Initial publication