Lucene search
FortinetCVELIST:CVE-2021-26113HistoryApr 06, 2022 - 4:00 p.m.
CVE-2021-26113
2022-04-0616:00:57
fortinet
www.cve.org
3
cve-2021-26113
one-way hash
predictable salt
fortiwan
password file
attacker
guess password
CVSS3
6.2
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C
EPSS
0.002
Percentile
51.4%
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored.
CNA Affected
[
{
"product": "Fortinet FortiWAN",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiWAN before 4.5.9"
}
]
}
]References
Related
fortinet
fortinet
FortiWAN - Use of hardcoded salt for password hashing
2022-04-05 00:00:00
prion
prion
Default credentials
2022-04-06 16:15:00
nvd
nvd
CVE-2021-26113
2022-04-06 16:15:07
cve
cve
CVE-2021-26113
2022-04-06 16:15:07
CVSS3
6.2
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C
EPSS
0.002
Percentile
51.4%
Related for CVELIST:CVE-2021-26113