A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-22-071 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-07-18T16:35:37
Updated: 2024-08-03T06:10:58.995Z
Reserved: 2022-04-11T00:00:00
Link: CVE-2022-29060
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-07-19T14:15:08.603
Modified: 2022-07-27T12:50:13.893
Link: CVE-2022-29060
Redhat
No data.