CVE-2021-32596

A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.

Published: Aug 4, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-32596
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-916

Affected Software
References

Software	From	Fixed in
fortinet / fortiportal	6.0.0	6.0.4.x

https://fortiguard.com/advisory/FG-IR-21-094

Vulnerability Database

289,871

CVE-2021-32596