A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/advisory/FG-IR-21-027 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2021-07-09T18:17:26
Updated: 2024-10-25T13:57:25.857Z
Reserved: 2021-01-13T00:00:00
Link: CVE-2021-24020
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-07-09T19:15:08.197
Modified: 2024-11-21T05:52:13.380
Link: CVE-2021-24020
Redhat
No data.