Threat actors have launched attacks exploiting the half-decade-old medium-severity improper authentication vulnerability in Fortinet's FortiOS SSL VPN, tracked as CVE-2020-12812, according to Security Affairs.
Abuse of the flaw may allow logins while bypassing the second authentication factor if username cases have been modified, said Fortinet in a new advisory.
"This happens when two-factor authentication is enabled in the user local setting, and that user authentication type is set to a remote authentication method (eg: ldap). The issue exists because of inconsistent case sensitive matching among the local and remote authentication," Fortinet added.
Triggering the security weakness requires local user entries on the FortiGate with 2FA that reference to the LDAP directory, users to be part of an LDAP server group, and FortiGate configuration of one or more LDAP groups used by two-factor users.
Such an alert comes over three years after the same vulnerability was reported to have been exploited in separate intrusions by the Hive ransomware gang and the Iranian advanced persistent threat operation COBALT MIRAGE.
Abuse of the flaw may allow logins while bypassing the second authentication factor if username cases have been modified, said Fortinet in a new advisory.
"This happens when two-factor authentication is enabled in the user local setting, and that user authentication type is set to a remote authentication method (eg: ldap). The issue exists because of inconsistent case sensitive matching among the local and remote authentication," Fortinet added.
Triggering the security weakness requires local user entries on the FortiGate with 2FA that reference to the LDAP directory, users to be part of an LDAP server group, and FortiGate configuration of one or more LDAP groups used by two-factor users.
Such an alert comes over three years after the same vulnerability was reported to have been exploited in separate intrusions by the Hive ransomware gang and the Iranian advanced persistent threat operation COBALT MIRAGE.





