Improper password storage mechanism

Improper password storage mechanism Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-220 Final 1 1 2023-02-16T00:00:00 Current version 2023-02-16T00:00:00 2023-02-16T00:00:00 A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords. None Execute unauthorized code or commands FortiSandbox 4.2 all versions are not affectedFortiSandbox 4.0 all versionsFortiSandbox 3.2 all versionsFortiSandbox 3.1 all versions are not affectedFortiDeceptor 5.1 all versions are not affectedFortiDeceptor version 5.0.0FortiDeceptor 4.3 all versionsFortiDeceptor 4.2 all versionsFortiDeceptor 4.1 all versionsFortiDeceptor 4.0 all versionsFortiDeceptor 3.3 all versionsFortiDeceptor 3.2 all versionsFortiDeceptor 3.1 all versionsFortiDeceptor 3.0 all versionsFortiDeceptor 2.1 all versions are not affectedFortiDeceptor 2.0 all versions are not affectedFortiDeceptor 1.1 all versions are not affectedFortiDeceptor 1.0 all versions are not affected Upgrade to FortiSandbox version 4.2.0 and above. Internally discovered by Giuseppe Cocomazzi. FortiDeceptor 5.0.0 FortiDeceptor 4.3.0 FortiDeceptor 4.2.0 FortiDeceptor 4.1.1 FortiDeceptor 4.1.0 FortiDeceptor 4.0.2 FortiDeceptor 4.0.1 FortiDeceptor 4.0.0 FortiDeceptor 3.3.3 FortiDeceptor 3.3.2 FortiDeceptor 3.3.1 FortiDeceptor 3.3.0 FortiDeceptor 3.2.2 FortiDeceptor 3.2.1 FortiDeceptor 3.2.0 FortiDeceptor 3.1.1 FortiDeceptor 3.1.0 FortiDeceptor 3.0.2 FortiDeceptor 3.0.1 FortiDeceptor 3.0.0 FortiSandbox 4.0.6 FortiSandbox 4.0.5 FortiSandbox 4.0.4 FortiSandbox 4.0.3 FortiSandbox 4.0.2 FortiSandbox 4.0.1 FortiSandbox 4.0.0 FortiSandbox 3.2.4 FortiSandbox 3.2.3 FortiSandbox 3.2.2 FortiSandbox 3.2.1 FortiSandbox 3.2.0 Improper password storage mechanism CVE-2022-26115 FortiDeceptor-5.0.0 FortiDeceptor-4.3.0 FortiDeceptor-4.2.0 FortiDeceptor-4.1.1 FortiDeceptor-4.1.0 FortiDeceptor-4.0.2 FortiDeceptor-4.0.1 FortiDeceptor-4.0.0 FortiDeceptor-3.3.3 FortiDeceptor-3.3.2 FortiDeceptor-3.3.1 FortiDeceptor-3.3.0 FortiDeceptor-3.2.2 FortiDeceptor-3.2.1 FortiDeceptor-3.2.0 FortiDeceptor-3.1.1 FortiDeceptor-3.1.0 FortiDeceptor-3.0.2 FortiDeceptor-3.0.1 FortiDeceptor-3.0.0 FortiSandbox-4.0.6 FortiSandbox-4.0.5 FortiSandbox-4.0.4 FortiSandbox-4.0.3 FortiSandbox-4.0.2 FortiSandbox-4.0.1 FortiSandbox-4.0.0 FortiSandbox-3.2.4 FortiSandbox-3.2.3 FortiSandbox-3.2.2 FortiSandbox-3.2.1 FortiSandbox-3.2.0 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-220 Improper password storage mechanism Reference>