all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FortiMail - Login mechanism without rate limitation

Add to bookmarks
Nov. 14, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail may allow an unauthenticated attacker to  perform a brute force attack on the affected endpoints via repeated login attempts.

attack attacker authentication brute cwe endpoints login login attempts may mechanism rate unauthenticated vulnerability webmail

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 3 weeks, 1 day ago | fortiguard.fortinet.com
actor attacker cwe device +17
FortiSandbox - Arbitrary file read on endpoint 3 weeks, 1 day ago | fortiguard.fortinet.com
arbitrary files attacker cwe directory +12
FortiNAC-F - Lack of certificate validation 3 weeks, 1 day ago | fortiguard.fortinet.com
attack attacker certificate channel +12
FortiOS - Format String in CLI command 3 weeks, 1 day ago | fortiguard.fortinet.com
access admin arbitrary code attacker +16
FortiOS & FortiProxy - administrator cookie leakage 3 weeks, 1 day ago | fortiguard.fortinet.com
administrator attacker conditions cookie +10
FortiSandbox - Arbitrary file delete on endpoint 3 weeks, 1 day ago | fortiguard.fortinet.com
arbitrary files attacker cwe delete +13
FortiClientMac - Lack of configuration file validation 3 weeks, 1 day ago | fortiguard.fortinet.com
arbitrary code attacker code configuration +15
FortiManager - Code Injection via Jinja Template 3 weeks, 1 day ago | fortiguard.fortinet.com
arbitrary code attacker code code injection +11
FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 3 weeks, 1 day ago | fortiguard.fortinet.com
access admin arbitrary code arbitrary code execution +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Azure DevSecOps Cloud Engineer II

@ Prudent Technology | McLean, VA, USA
View on infosec-jobs.com

Security Engineer III - Python, AWS

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
View on infosec-jobs.com

SOC Analyst (Threat Hunter)

@ NCS | Singapore, Singapore
View on infosec-jobs.com

Managed Services Information Security Manager

@ NTT DATA | Sydney, Australia
View on infosec-jobs.com

Senior Security Engineer (Remote)

@ Mattermost | United Kingdom
View on infosec-jobs.com

Penetration Tester (Part Time & Remote)

@ TestPros | United States - Remote
View on infosec-jobs.com
View more jobs