Potential Remote_wildcard RADIUS login bypass
Summary
An improper access control vulnerability [CWE-284] in FortiMail configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.
Version | Affected | Solution |
---|---|---|
FortiMail 7.4 | 7.4.0 | Upgrade to 7.4.1 or above |
Timeline
2023-12-12: Initial publication