An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-21-210 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-03-02T10:00:26
Updated: 2024-08-04T04:17:24.370Z
Reserved: 2021-11-23T00:00:00
Link: CVE-2021-44166
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-03-02T10:15:07.750
Modified: 2022-03-11T19:40:52.643
Link: CVE-2021-44166
Redhat
No data.