Predictable Salt Vulnerability in FortiPortal Password Storing Mechanism

Predictable Salt Vulnerability in FortiPortal Password Storing Mechanism

CVE-2021-32596 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.

Learn more about our Web Application Penetration Testing UK.