An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/advisory/FG-IR-21-192 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2021-12-08T17:51:12
Updated: 2024-08-04T02:59:30.962Z
Reserved: 2021-09-13T00:00:00
Link: CVE-2021-41030
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-12-08T18:15:18.613
Modified: 2021-12-10T16:57:44.123
Link: CVE-2021-41030
Redhat
No data.