This security bulletin contains one medium risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows an attacker to compromise users' passwords.
The vulnerability exists due to missing cryptographic steps in the function that encrypts users' LDAP and RADIUS credentials. An attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.Vulnerable software versions
Fortinet FortiMail: 5.0 - 7.0.1
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?