Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks

Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls.

Tracked as CVE-2020-12812, this improper authentication security flaw was found in FortiGate SSL VPN and allows attackers to log in to unpatched firewalls without being prompted for the second factor of authentication (FortiToken) when changing the case of the username.

“This occurs when two-factor authentication is enabled in the ‘user local’ setting, and that user authentication type is set to a remote authentication method (eg: ldap),” Fortinet explained when it patched the vulnerability in July 2020. “The issue exists because of inconsistent case sensitive matching among the local and remote authentication.”


Fortinet released FortiOS versions 6.4.1, 6.2.4, and 6.0.10 in July 2020 to address this flaw and advised IT admins who cannot deploy the security update to turn off username case sensitivity to avoid the 2FA bypass issue.

Last week, the company warned customers that attackers are still exploiting CVE-2020-12812 in the wild, targeting firewalls with LDAP (Lightweight Directory Access Protocol) enabled.

However, to be vulnerable to these ongoing attacks, organizations must have local user entries on the FortiGate that require two-factor authentication (2FA) and are linked to LDAP. Additionally, these users must belong to an LDAP group, which must also be configured on the FortiGate.

“Fortinet has observed recent abuse of the July 2020 vulnerability FG-IR-19-283 / CVE-2020-12812 in the wild based on specific configurations,” it said.

“Part of what makes this situation possible is the misconfiguration of a secondary LDAP Group that is used when the local LDAP authentication fails. If a secondary LDAP Group is not required, it should be removed. If no LDAP groups are used at all, no authentication via LDAP group is possible, and the user will fail authentication if the username is not a match to a local entry.”

In April 2021, the FBI and CISA warned that state-backed hackers were attacking Fortinet FortiOS instances using exploits targeting multiple vulnerabilities, including one abusing CVE-2020-12812 to bypass 2FA.

Seven months later, in November 2021, CISA added CVE-2020-12812 to its catalog of known exploited vulnerabilities, tagging it as exploited in ransomware attacks and ordering federal agencies to secure their systems by May 2022.

Fortinet vulnerabilities are frequently exploited in attacks, often as zero-day vulnerabilities. For instance, in November, the company warned of an actively exploited FortiWeb zero-day (CVE-2025-58034), one week after confirming that it had silently patched a second FortiWeb zero-day (CVE-2025-64446) that was abused in widespread attacks.
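The decision path Fortinet describes above (a local entry with 2FA that is matched case-sensitively, a remote LDAP backend that is not, and a secondary LDAP group that carries no 2FA requirement) can be modelled to show why both recommended mitigations close the gap. This is an added illustration written for this article, not FortiOS code; the user, group, password and the two settings are constructed assumptions.

```python
# Simplified model of the CVE-2020-12812 authentication path described in the
# advisory. Not FortiOS code: names, groups and settings are constructed.
from typing import Optional

LOCAL_USERS = {"alice": {"type": "ldap", "two_factor": True}}      # constructed
LDAP_DIRECTORY = {"alice": {"password": "s3cret", "groups": {"vpn"}}}  # constructed


def ldap_bind(username: str, password: str) -> Optional[dict]:
    """Remote check: the LDAP directory matches names case-insensitively."""
    entry = LDAP_DIRECTORY.get(username.lower())
    return entry if entry and entry["password"] == password else None


def authenticate(username: str, password: str, *, case_sensitive_local: bool,
                 secondary_ldap_group: Optional[str]) -> str:
    """Return 'denied', 'need_2fa' or 'authenticated_no_2fa'."""
    # Step 1: look for a local user entry. The inconsistency is here: local
    # matching is case-sensitive while the remote backend is not, so a
    # case variant of a known name misses the entry that carries the 2FA flag.
    key = username if case_sensitive_local else username.lower()
    local = LOCAL_USERS.get(key)
    if local is not None:
        if ldap_bind(username, password) is None:
            return "denied"
        return "need_2fa" if local["two_factor"] else "authenticated_no_2fa"
    # Step 2: no local match, so fall back to the secondary LDAP group, which
    # has no 2FA requirement of its own. Removing the group removes this path.
    if secondary_ldap_group is None:
        return "denied"
    remote = ldap_bind(username, password)
    if remote is None or secondary_ldap_group not in remote["groups"]:
        return "denied"
    return "authenticated_no_2fa"


def summarize(username: str, password: str) -> dict:
    """Outcome for the same login under the vulnerable and the two mitigated configs."""
    return {
        "vulnerable": authenticate(username, password, case_sensitive_local=True,
                                   secondary_ldap_group="vpn"),
        "case_insensitive": authenticate(username, password, case_sensitive_local=False,
                                         secondary_ldap_group="vpn"),
        "no_secondary_group": authenticate(username, password, case_sensitive_local=True,
                                           secondary_ldap_group=None),
    }
```

The two mitigated settings correspond to Fortinet's advice: disable username case sensitivity, or remove the secondary LDAP group so that a name that does not match a local entry simply fails.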
