An improper authentication vulnerability in SSL VPN in...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Mar 18, 2026
Description
Published by the National Vulnerability Database
Jul 24, 2020
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Mar 18, 2026
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
References