A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data, which allows bypass of signature verification.
References
Link | Resource |
---|---|
https://fortiguard.com/advisory/FG-IR-21-027 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2021-07-09T18:17:26
Updated: 2021-07-09T18:17:26
Reserved: 2021-01-13T00:00:00
Link: CVE-2021-24020
NVD Information
Status: Analyzed
Published: 2021-07-09T19:15:08.197
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-24020
Redhat Information
No data.
CWE