CVE-2021-36171 is a vulnerability in Fortinet Fortiportal
Published on March 1, 2022
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.
Vulnerability Analysis
CVE-2021-36171 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Products Associated with CVE-2021-36171
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-36171 are published in Fortinet Fortiportal:
Affected Versions
Fortinet FortiPortal Version FortiPortal before 6.0.6 is affected by CVE-2021-36171Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.