Overview
This vulnerability affects the authentication mechanism in Fortinet FortiOS SSL VPN services. The issue stems from case sensitivity problems in the username validation process. When a user attempts to log in with a modified case version of their username (e.g., "Admin" instead of "admin"), the system incorrectly authenticates the user after the first factor (password) without requiring the second authentication factor (FortiToken). This represents a significant security weakness as it effectively negates the protection provided by two-factor authentication, allowing attackers with knowledge of valid credentials to gain unauthorized VPN access without possessing the physical FortiToken or mobile authenticator app required for complete authentication.
Remediation
Organizations using affected versions of FortiOS should immediately upgrade to the following patched versions:
- FortiOS 6.4.1 or above
- FortiOS 6.2.4 or above
- FortiOS 6.0.10 or above
Additional security measures to implement:
- Audit VPN access logs for signs of exploitation, looking for login attempts with case variations of legitimate usernames.
- Implement IP-based restrictions for VPN access where possible.
- Ensure strong password policies are in place.
- Consider implementing additional network segmentation to limit access from VPN users.
- Monitor for unusual login patterns or access attempts.
- Review and validate all VPN user accounts to ensure only authorized users have access.
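The log-audit step above is the one a detection engineer can turn directly into code: a successful SSL VPN login whose username matches a provisioned account only after case folding is the indicator to surface. The script below is an added example, not code from Armis or Fortinet. The key=value log lines and their field names (`action`, `status`, `user`, `remip`) are constructed for illustration and are an assumption, not the real FortiOS log schema, so the parser would need its field names adjusted before use against actual exported logs.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample log lines (key=value shape and field names are an
# assumption for this example, not FortiOS's actual log schema). Two of the
# successful logins use a case-altered variant of a provisioned account name;
# "Root" has no provisioned counterpart and must not be flagged by this rule.
SAMPLE_LOGS = [
    'date=2021-06-12 time=08:01:12 action="ssl-login" status="success" user="admin" remip=203.0.113.10',
    'date=2021-06-12 time=08:03:47 action="ssl-login" status="success" user="Admin" remip=198.51.100.7',
    'date=2021-06-12 time=08:05:02 action="ssl-login" status="failure" user="jdoe" remip=203.0.113.22',
    'date=2021-06-12 time=08:09:15 action="ssl-login" status="success" user="JDOE" remip=198.51.100.7',
    'date=2021-06-12 time=08:11:40 action="ssl-login" status="success" user="svc-backup" remip=203.0.113.30',
    'date=2021-06-12 time=08:12:05 action="ssl-login" status="success" user="Root" remip=198.51.100.7',
]

# Provisioned VPN accounts exactly as stored in the user database (constructed).
PROVISIONED_ACCOUNTS = {"admin", "jdoe", "svc-backup"}

# key=value pairs; values may be double-quoted (group 3) or bare (group 2).
_KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line: str) -> Dict[str, str]:
    """Split one key=value log line into a dict, stripping quotes from values."""
    fields: Dict[str, str] = {}
    for m in _KV_RE.finditer(line):
        value = m.group(3) if m.group(3) is not None else m.group(2)
        fields[m.group(1)] = value
    return fields


def find_case_variant_logins(lines: Iterable[str], accounts: Iterable[str]) -> List[Dict[str, str]]:
    """Return successful logins whose entered username equals a provisioned
    account only after case folding, i.e. the exact string differs from the
    stored name. Exact matches and unknown usernames are left to other rules."""
    canonical = {name.casefold(): name for name in accounts}
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev.get("action") != "ssl-login" or ev.get("status") != "success":
            continue
        entered = ev.get("user", "")
        stored = canonical.get(entered.casefold())
        if stored is None or entered == stored:
            continue
        findings.append({
            "time": f'{ev.get("date", "?")} {ev.get("time", "?")}',
            "entered": entered,
            "account": stored,
            "remip": ev.get("remip", ""),
        })
    return findings


def sources_by_hits(findings: List[Dict[str, str]]) -> List[Tuple[str, int]]:
    """Count flagged logins per remote IP, most active source first."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["remip"]] = counts.get(f["remip"], 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    hits = find_case_variant_logins(SAMPLE_LOGS, PROVISIONED_ACCOUNTS)
    for h in hits:
        print(f'{h["time"]} {h["remip"]} logged in as "{h["entered"]}" (account "{h["account"]}")')
    print(sources_by_hits(hits))
```

Matching is done with `str.casefold()` rather than `lower()` so that non-ASCII usernames fold consistently, and the account list is keyed on the folded form so the comparison costs one dictionary lookup per event. The per-source tally is what makes the output actionable: a single case-variant login may be a typo, but several against different accounts from one remote IP is the pattern worth escalating.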
References
- Fortinet PSIRT Advisory: https://fortiguard.com/psirt/FG-IR-19-283
- MITRE CWE-287: Improper Authentication
- MITRE CWE-178: Improper Handling of Case Sensitivity
- CVE-2020-12812 in the National Vulnerability Database
Early Warning
Armis Early Warning customers received an advance alert on this vulnerability.
- Armis Alert Date: Jun 12, 2021
- CISA KEV Date: Nov 3, 2021
Industry Exposure
Most to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Manufacturing
- Arts, Entertainment & Recreation
- Finance and Insurance
- Health Care & Social Assistance
- Transportation & Warehousing
- Accommodation & Food Services
- Administrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry, Fishing & Hunting
- Construction
- Educational Services
- Information
- Management of Companies & Enterprises
- Mining
- Other Services (except Public Administration)
- Professional, Scientific, & Technical Services
- Public Administration
- Real Estate Rental & Leasing
- Retail Trade
- Utilities
- Wholesale Trade