#VU55540 Use of a One-Way Hash with a Predictable Salt in FortiPortal - CVE-2021-32596

Cybersecurity Help s.r.o.

Published: 2021-08-03

Vulnerability identifier: #VU55540

Vulnerability risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-32596

CWE-ID: CWE-760

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
FortiPortal
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Fortinet, Inc

Description

The vulnerability allows an attacker to restore password from password hash.

The vulnerability exists due to FortiPortal uses ne-way hash with a predictable salt when storing passwords. An attacker with access to the password hash can restore password from it by means of precomputed tables.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

FortiPortal: 6.0.0 - 6.0.4

External links
https://www.fortiguard.com/psirt/FG-IR-21-094

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Fortinet FortiPortal