Insecure PRNG in password and token generation scheme of IBE authentication Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-031 Final 1 1 2021-07-07T00:00:00 Current version 2021-07-07T00:00:00 2021-07-07T00:00:00 A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of FortiMail Identity Based Encryption service may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials. Improper access control FortiMail 6.4.4 and below.FortiMail 6.2.6 and below. Please upgrade to FortiMail version 7.0.0 or abovePlease upgrade to FortiMail version 6.4.5 or above Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT Team. CVE-2021-26091 6.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-031 Insecure PRNG in password and token generation scheme of IBE authentication Reference>