Home
MEDIUM: 4.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:CDefault status
unaffected
8.0.0 (semver)
affected
7.6.0 (semver)
affected
7.4.0 (semver)
affected
7.2.0 (semver)
affected
7.0.0 (semver)
affected
Description
A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests
Problem types
Product status
8.0.0 (semver)
7.6.0 (semver)
7.4.0 (semver)
7.2.0 (semver)
7.0.0 (semver)
References
fortiguard.fortinet.com/psirt/FG-IR-25-984
