Attacker Value
Moderate
1

CVE-2020-12812

Disclosure Date: July 24, 2020

Exploitability

(1 user assessed) Very High
Attack Vector
Network
Privileges Required
None
User Interaction
None

Description

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

Add Assessment

3
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Very High
Technical Analysis

The advisory isn’t worded very well, but it seems that logging in to the SSL VPN with a different-case username than set will allow 2FA to be bypassed, opening up the VPN to password attacks, such as password spraying.

Successful VPN access to an internal network can open up a lot of doors for an attacker, turning an external compromise into an authorized internal one. Many corporate services are hidden behind VPN. That said, proper network segmentation and secondary access controls can mitigate some of the risk. The “attacker value” is “medium” because this is just a 2FA bypass and also because of the listed caveats. It isn’t terribly useful on its own.

The KB article is written much better.

General Information

Products

  • Fortinet FortiOS

Additional Info

Technical Analysis