Potential Remote_wildcard RADIUS login bypass


An improper access control vulnerability [CWE-284] in FortiMail configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.

Version Affected Solution
FortiMail 7.4 7.4.0 Upgrade to 7.4.1 or above


2023-12-12: Initial publication