Case Insensitive Authentication Bypass in FortiOS SSL VPN

CVE-2020-12812 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
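A log-review check for the behaviour described above, added here as an example and not taken from Fortinet or the original advisory: it flags successful logins whose username matches a two-factor account only when case is ignored and for which no second factor was recorded. The event fields, account names and sample events are constructed assumptions, not the FortiOS log format.

```python
from dataclasses import dataclass

# Constructed data: accounts that are configured to require a second factor.
ENROLLED_2FA = {"jsmith", "adavis"}


@dataclass
class LoginEvent:
    # Hypothetical fields, to be mapped from whatever the VPN log export provides.
    user: str            # username exactly as typed at the portal
    success: bool        # login was accepted
    second_factor: bool  # a token prompt was completed


# Constructed sample events.
EVENTS = [
    LoginEvent("jsmith", True, True),    # normal login
    LoginEvent("JSmith", True, False),   # case variant accepted without token
    LoginEvent("ADAVIS", False, False),  # case variant, rejected
    LoginEvent("adavis", True, False),   # exact name, token missing
    LoginEvent("guest", True, False),    # account without 2FA
]


def classify(event, enrolled=ENROLLED_2FA):
    """Return a verdict for one login event."""
    folded = {name.casefold(): name for name in enrolled}
    canonical = folded.get(event.user.casefold())
    if canonical is None:
        return "not-enrolled"
    case_variant = event.user != canonical
    if event.success and not event.second_factor:
        # The pattern the advisory describes when the case differs.
        return "bypass-case-variant" if case_variant else "missing-2fa"
    if case_variant:
        return "case-variant-attempt"
    return "ok"


def findings(events):
    """List (username, verdict) for every event that needs review."""
    verdicts = [(e.user, classify(e)) for e in events]
    return [(u, v) for u, v in verdicts if v not in ("ok", "not-enrolled")]


if __name__ == "__main__":
    for user, verdict in findings(EVENTS):
        print(f"{verdict:22} {user}")
```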
