Fortinet Warns Of 5-year-old Fortios 2fa Bypass Still Exploited In...


Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls.

Tracked as CVE-2020-12812, this improper authentication security flaw was found in FortiGate SSL VPN and enables attackers to log in to unpatched firewalls without being prompted for the second factor of authentication (FortiToken) when changing the case of the username.

"This happens when two-factor authentication is enabled in the 'user local' setting, and that user authentication type is set to a remote authentication method (eg: ldap)," Fortinet explained when it patched the vulnerability in July 2020. "The issue exists because of inconsistent case sensitive matching among the local and remote authentication."

Fortinet released FortiOS versions 6.4.1, 6.2.4, and 6.0.10 in July 2020 to address this flaw and advised IT admins who can't deploy the security update to turn off username-case-sensitivity to avoid the 2FA bypass issue.

Last week, the company warned customers that attackers are still exploiting CVE-2020-12812 in the wild, targeting firewalls with LDAP (Lightweight Directory Access Protocol) enabled.

However, to be vulnerable to these ongoing attacks, organizations must have local user entries on the FortiGate that require two-factor authentication (2FA) and are linked to LDAP. Additionally, these users must belong to an LDAP group, which must also be configured on the FortiGate.

"Fortinet has observed recent abuse of the July 2020 vulnerability FG-IR-19-283 / CVE-2020-12812 in the wild based on specific configurations," it said.

"Part of what makes this situation possible is the misconfiguration of a secondary LDAP Group that is used when the local LDAP authentication fails. If a secondary LDAP Group is not required, it should be removed. If no LDAP groups are used at all, no authentication via LDAP group is possible, and the user will fail authentication if the username is not a match to a local entry."
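To make the mechanism described above concrete, here is an added toy model (not Fortinet code, and not how FortiOS is implemented) of the matching inconsistency and the two mitigations the article names. The `Gateway`, `LocalUser` and `Directory` names, the in-memory "LDAP" stand-in and the sample accounts are all constructed for the example. It models a local user entry that requires a second factor and is matched case-sensitively, a remote directory that matches usernames case-insensitively, and an optional secondary LDAP group used when no local entry matches; the `demo()` function shows the same login attempt against the vulnerable configuration and against both mitigations.

```python
"""Toy model of a case-sensitivity mismatch between local and remote auth.

Added example, not FortiOS code. Assumption: the local user list matches
names case-sensitively, the remote directory matches case-insensitively,
and a secondary LDAP group (if configured) accepts users with no local
entry without requiring a second factor.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class LocalUser:
    name: str
    two_factor: bool          # True: a FortiToken-style second factor is required


@dataclass
class Directory:
    """Constructed in-memory stand-in for an LDAP server."""
    accounts: Dict[str, str]          # canonical name -> password
    groups: Dict[str, Set[str]]       # group name -> canonical member names

    def bind(self, username: str, password: str) -> Optional[str]:
        # Directory lookups are case-insensitive; return the canonical name on success.
        for name, pw in self.accounts.items():
            if name.lower() == username.lower() and pw == password:
                return name
        return None

    def in_group(self, canonical: str, group: str) -> bool:
        return canonical in self.groups.get(group, set())


@dataclass
class Gateway:
    local_users: List[LocalUser]
    directory: Directory
    fallback_ldap_group: Optional[str] = None   # secondary LDAP group, if any
    case_sensitive_usernames: bool = True       # the setting the workaround turns off

    def find_local(self, username: str) -> Optional[LocalUser]:
        for u in self.local_users:
            if self.case_sensitive_usernames:
                if u.name == username:
                    return u
            elif u.name.lower() == username.lower():
                return u
        return None

    def authenticate(self, username: str, password: str, token_ok: bool) -> Tuple[bool, str]:
        """Return (allowed, reason) for one login attempt."""
        local = self.find_local(username)
        if local is not None:
            # Local entry found: password is checked remotely, 2FA enforced locally.
            if self.directory.bind(username, password) is None:
                return False, "bad password"
            if local.two_factor and not token_ok:
                return False, "second factor required"
            return True, "local entry with 2fa" if local.two_factor else "local entry"
        # No local entry matched: only a secondary LDAP group can still admit the user,
        # and that path carries no second-factor requirement.
        if self.fallback_ldap_group is None:
            return False, "no local entry"
        canonical = self.directory.bind(username, password)
        if canonical is not None and self.directory.in_group(canonical, self.fallback_ldap_group):
            return True, "ldap group fallback without 2fa"
        return False, "not in fallback group"


def make_directory() -> Directory:
    # Constructed sample data.
    return Directory(accounts={"alice": "correct-horse"}, groups={"vpn-users": {"alice"}})


def demo() -> Dict[str, Tuple[bool, str]]:
    """Same login ('Alice', right password, no token) against three configurations."""
    users = [LocalUser(name="alice", two_factor=True)]
    vulnerable = Gateway(users, make_directory(), fallback_ldap_group="vpn-users")
    case_insensitive = Gateway(users, make_directory(), fallback_ldap_group="vpn-users",
                               case_sensitive_usernames=False)
    no_fallback_group = Gateway(users, make_directory(), fallback_ldap_group=None)
    return {
        "vulnerable": vulnerable.authenticate("Alice", "correct-horse", token_ok=False),
        "case_insensitive": case_insensitive.authenticate("Alice", "correct-horse", token_ok=False),
        "no_fallback_group": no_fallback_group.authenticate("Alice", "correct-horse", token_ok=False),
        "normal_login": vulnerable.authenticate("alice", "correct-horse", token_ok=True),
    }


if __name__ == "__main__":
    for config, result in demo().items():
        print(f"{config:18} -> {result}")
```

Both fixes work for the same reason: either the local entry (and its second-factor requirement) is found regardless of how the username is cased, or there is no secondary group left to admit a user who missed the local entry. The model is deliberately simple; a real review of a gateway configuration should check the actual local-user, LDAP-group and case-sensitivity settings rather than rely on this simulation.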

In April 2021, the FBI and CISA warned that state-backed hackers were attacking Fortinet FortiOS instances using exploits targeting multiple vulnerabilities, including one abusing CVE-2020-12812 to bypass 2FA.

Seven months later, in November 2021, CISA added CVE-2020-12812 to its catalog of known exploited vulnerabilities, tagging it as exploited in ransomware attacks and ordering federal agencies to secure their systems.

Source: BleepingComputer