Security Advisory

CVE-2021-44166

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-02 10:00:26

Last updated 2024-10-22 21:00:22

Assigner fortinet

State PUBLISHED

Description

An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a users password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user.

← Browse all CVEs View on cve.org ↗