BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityFortinet PSIRT·51d ago

2FA request can be replayed without a valid token after one successful request

CVSSv3 Score: 6.7 An Improper authentication vulnerability [CWE-287] in FortiSOAR web GUI may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration. Revised on 2026-04-14 00:00:00

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by Fortinet PSIRT

Source: https://fortiguard.fortinet.com/psirt/FG-IR-26-101

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin