FortiWAN - Use of hardcoded salt for password hashing
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-064
Final
1
1
2022-04-05T00:00:00
Current version
2022-04-05T00:00:00
2022-04-05T00:00:00
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN may allow an attacker who has previously obtained the password file to guess the passwords stored in it.
None
Information disclosure
FortiWAN version 4.5.8 and below.
Upgrade to FortiWAN version 4.5.9 or above.
Internally reported and discovered by Giuseppe Cocomazzi of Fortinet Product Security team.
FortiWAN 4.5.8
CVE-2021-26113
FortiWAN-4.5.8
5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-064