Use of a One-Way Hash with a Predictable Salt in FortiPortal - CVE-2021-32596

 


Published: August 3, 2021


Vulnerability identifier: #VU55540
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-32596
CWE-ID: CWE-760
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: FortiPortal
Software vendor: Fortinet, Inc

Description

The vulnerability allows an attacker to recover a password from its hash.

The vulnerability exists because FortiPortal uses a one-way hash with a predictable salt when storing passwords. An attacker with access to a password hash can recover the password from it by means of precomputed tables.
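
The weakness class described above (CWE-760), shown as an added Python example that is not FortiPortal code and does not come from the advisory: a salt shared by every account beside per-account random salts with PBKDF2, plus an audit that flags shared or short salts in stored records. The fixed salt, the SHA-256 choice, the account names and the passwords are constructed assumptions; the advisory does not state FortiPortal's actual algorithm or salt.

```python
import hashlib
import hmac
import os
from collections import Counter

# Hypothetical predictable salt, constructed for illustration only.
FIXED_SALT = b"app-wide-salt"
PBKDF2_ROUNDS = 600_000

def weak_hash(password: str) -> tuple[bytes, bytes]:
    """Weak form: one fast hash, same salt for every account."""
    return FIXED_SALT, hashlib.sha256(FIXED_SALT + password.encode()).digest()

def strong_hash(password: str) -> tuple[bytes, bytes]:
    """Hardened form: 16 random salt bytes per account and a slow KDF."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)

def audit_salts(records: dict[str, tuple[bytes, bytes]], min_len: int = 16) -> list[str]:
    """Return accounts whose salt is shared with another account or too short."""
    counts = Counter(salt for salt, _ in records.values())
    return sorted(user for user, (salt, _) in records.items()
                  if counts[salt] > 1 or len(salt) < min_len)

def build_demo():
    # Constructed sample accounts: alice and bob chose the same password.
    passwords = {"alice": "Winter2021!", "bob": "Winter2021!", "carol": "tr0ub4dor&3"}
    weak = {user: weak_hash(pw) for user, pw in passwords.items()}
    strong = {user: strong_hash(pw) for user, pw in passwords.items()}
    return passwords, weak, strong

if __name__ == "__main__":
    _, weak, strong = build_demo()
    # With a shared salt, equal passwords give equal digests, so one table
    # computed for that salt applies to every account at once.
    print("weak store, alice == bob:", weak["alice"][1] == weak["bob"][1])
    print("strong store, alice == bob:", strong["alice"][1] == strong["bob"][1])
    print("flagged in weak store:", audit_salts(weak))
    print("flagged in strong store:", audit_salts(strong))
```
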


Remediation

Install updates from the vendor's website.
