CVE-2021-32596 — MEDIUM (6.0)

Q: How severe is CVE-2021-32596?

CVE-2021-32596 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-32596?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiportal.

Vulnerability Description

A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.

CVSS Score

6.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Fortinet	Fortiportal	>= 6.0.0, <= 6.0.4

Related Weaknesses (CWE)

CWE-916

References

https://fortiguard.com/advisory/FG-IR-21-094Vendor Advisory
https://fortiguard.com/advisory/FG-IR-21-094Vendor Advisory

FAQ

What is CVE-2021-32596?

CVE-2021-32596 is a vulnerability with a CVSS score of 6.0 (MEDIUM). A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to dec...

How severe is CVE-2021-32596?

CVE-2021-32596 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-32596?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiportal.