FortiMail - Improper use of cryptographic primitives in IBE KeyStore
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-20-244
Final
1
1
2021-07-07T00:00:00
Current version
2021-07-07T00:00:00
2021-07-07T00:00:00
Missing cryptographic steps in FortiMail IBE may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.
Improper access control
FortiMail version 6.4.4 and below.FortiMail version 6.2.6 and below.
Please upgrade to FortiMail version 7.0.0 or above
Internally discovered and reported by Giuseppe Cocomazzi of Fortinet PSIRT.
FortiMail 6.4.8
FortiMail 6.4.7
FortiMail 6.4.6
FortiMail 6.4.5
FortiMail 6.4.4
FortiMail 6.4.3
FortiMail 6.4.2
FortiMail 6.4.1
FortiMail 6.4.0
FortiMail 6.2.9
FortiMail 6.2.8
FortiMail 6.2.7
FortiMail 6.2.6
FortiMail 6.2.5
FortiMail 6.2.4
FortiMail 6.2.3
FortiMail 6.2.2
FortiMail 6.2.1
FortiMail 6.2.0
FortiMail 6.0.12
FortiMail 6.0.11
FortiMail 6.0.10
FortiMail 6.0.9
FortiMail 6.0.8
FortiMail 6.0.7
FortiMail 6.0.6
FortiMail 6.0.5
FortiMail 6.0.4
FortiMail 6.0.3
FortiMail 6.0.2
FortiMail 6.0.1
FortiMail 6.0.0
FortiMail 5.4.12
FortiMail 5.4.11
FortiMail 5.4.10
FortiMail 5.4.9
FortiMail 5.4.8
FortiMail 5.4.7
FortiMail 5.4.6
FortiMail 5.4.5
FortiMail 5.4.4
FortiMail 5.4.3
FortiMail 5.4.2
FortiMail 5.4.1
FortiMail 5.4.0
FortiMail 5.3.13
FortiMail 5.3.12
FortiMail 5.3.10
FortiMail 5.3.9
FortiMail 5.3.8
FortiMail 5.3.7
FortiMail 5.3.6
FortiMail 5.3.5
FortiMail 5.3.4
FortiMail 5.3.3
FortiMail 5.3.2
FortiMail 5.3.1
FortiMail 5.3.0
FortiMail 5.2.10
FortiMail 5.2.9
FortiMail 5.2.8
FortiMail 5.2.7
FortiMail 5.2.6
FortiMail 5.2.5
FortiMail 5.2.4
FortiMail 5.2.3
FortiMail 5.2.2
FortiMail 5.2.1
FortiMail 5.2.0
FortiMail 5.1.7
FortiMail 5.1.6
FortiMail 5.1.5
FortiMail 5.1.4
FortiMail 5.1.3
FortiMail 5.1.2
FortiMail 5.1.1
FortiMail 5.1.0
FortiMail 5.0.11
FortiMail 5.0.10
FortiMail 5.0.9
FortiMail 5.0.8
FortiMail 5.0.7
FortiMail 5.0.6
FortiMail 5.0.5
FortiMail 5.0.4
FortiMail 5.0.3
FortiMail 5.0.2
FortiMail 5.0.1
FortiMail 5.0.0
FortiMail - Improper use of cryptographic primitives in IBE KeyStore
CVE-2021-26099
FortiMail-6.4.8
FortiMail-6.4.7
FortiMail-6.4.6
FortiMail-6.4.5
FortiMail-6.4.4
FortiMail-6.4.3
FortiMail-6.4.2
FortiMail-6.4.1
FortiMail-6.4.0
FortiMail-6.2.9
FortiMail-6.2.8
FortiMail-6.2.7
FortiMail-6.2.6
FortiMail-6.2.5
FortiMail-6.2.4
FortiMail-6.2.3
FortiMail-6.2.2
FortiMail-6.2.1
FortiMail-6.2.0
FortiMail-6.0.12
FortiMail-6.0.11
FortiMail-6.0.10
FortiMail-6.0.9
FortiMail-6.0.8
FortiMail-6.0.7
FortiMail-6.0.6
FortiMail-6.0.5
FortiMail-6.0.4
FortiMail-6.0.3
FortiMail-6.0.2
FortiMail-6.0.1
FortiMail-6.0.0
FortiMail-5.4.12
FortiMail-5.4.11
FortiMail-5.4.10
FortiMail-5.4.9
FortiMail-5.4.8
FortiMail-5.4.7
FortiMail-5.4.6
FortiMail-5.4.5
FortiMail-5.4.4
FortiMail-5.4.3
FortiMail-5.4.2
FortiMail-5.4.1
FortiMail-5.4.0
FortiMail-5.3.13
FortiMail-5.3.12
FortiMail-5.3.10
FortiMail-5.3.9
FortiMail-5.3.8
FortiMail-5.3.7
FortiMail-5.3.6
FortiMail-5.3.5
FortiMail-5.3.4
FortiMail-5.3.3
FortiMail-5.3.2
FortiMail-5.3.1
FortiMail-5.3.0
FortiMail-5.2.10
FortiMail-5.2.9
FortiMail-5.2.8
FortiMail-5.2.7
FortiMail-5.2.6
FortiMail-5.2.5
FortiMail-5.2.4
FortiMail-5.2.3
FortiMail-5.2.2
FortiMail-5.2.1
FortiMail-5.2.0
FortiMail-5.1.7
FortiMail-5.1.6
FortiMail-5.1.5
FortiMail-5.1.4
FortiMail-5.1.3
FortiMail-5.1.2
FortiMail-5.1.1
FortiMail-5.1.0
FortiMail-5.0.11
FortiMail-5.0.10
FortiMail-5.0.9
FortiMail-5.0.8
FortiMail-5.0.7
FortiMail-5.0.6
FortiMail-5.0.5
FortiMail-5.0.4
FortiMail-5.0.3
FortiMail-5.0.2
FortiMail-5.0.1
FortiMail-5.0.0
4.2
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-20-244
FortiMail - Improper use of cryptographic primitives in IBE KeyStore
Reference>