Thousands of firewalls at risk as legacy flaw in Fortinet faces renewed threat

Researchers warn that thousands of Fortinet instances are at risk of exploitation after the company disclosed that a legacy flaw is under renewed attack.

The vulnerability, tracked as CVE-2020-12812, has been exploited in the wild in recent weeks on devices running certain configurations, according to a blog post Fortinet released on Christmas Eve.

The original flaw is an improper authentication vulnerability in the SSL VPN of FortiOS, which could allow a user to log in without being prompted for a second factor.

Under certain configurations, FortiGate can allow Lightweight Directory Access Protocol (LDAP) users to bypass two-factor authentication and instead authenticate against LDAP directly, according to Fortinet. The company said this is due to differences in the behavior of LDAP directories.

The behavior stems from FortiGate treating usernames as case-sensitive by default while the LDAP directory treats them case-insensitively, according to the blog post.
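The case-sensitivity mismatch described above, as an added illustration written for this article rather than Fortinet's own code: a hypothetical gateway keys its second-factor policy by exact username while the directory matches names case-insensitively, and the fix normalizes the name (and fails closed) before consulting the policy. All users, passwords and tables are constructed for the example.

```python
# Simplified model (added illustration, not FortiOS code) of how a
# case-sensitivity mismatch between a gateway's per-user policy table
# and an LDAP directory can drop the second factor. Assumption: the
# gateway keys its two-factor policy by the username exactly as typed,
# while the LDAP server matches usernames case-insensitively.

# Constructed directory: lookups are case-insensitive on the server side.
LDAP_USERS = {"alice": "correct-horse", "bob": "battery-staple"}

# Constructed gateway policy table: which users must present a second factor.
TWO_FACTOR_REQUIRED = {"alice": True, "bob": True}


def ldap_bind(username: str, password: str) -> bool:
    """Directory side: case-insensitive name match, as many LDAP servers do."""
    return LDAP_USERS.get(username.lower()) == password


def requires_second_factor_naive(username: str) -> bool:
    """Gateway side, flawed: exact-case lookup, so 'Alice' misses 'alice'
    and the caller falls through to password-only LDAP authentication."""
    return TWO_FACTOR_REQUIRED.get(username, False)


def requires_second_factor_fixed(username: str) -> bool:
    """Gateway side, hardened: normalize case the same way the directory
    does, and fail closed (require a second factor) for unknown names."""
    return TWO_FACTOR_REQUIRED.get(username.lower(), True)


def login(username: str, password: str, token_ok: bool, policy) -> bool:
    """Return True when a session is granted under the given policy function."""
    if not ldap_bind(username, password):
        return False  # bad credentials: denied regardless of policy
    if policy(username) and not token_ok:
        return False  # policy demands a second factor and none was presented
    return True
```

With the naive policy a correct password for `Alice` is accepted without a token; with the hardened policy the same login is refused until the second factor is presented.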

Researchers at Shadowserver on Friday warned that more than 10,000 Fortinet firewalls remain unpatched, even though the original flaw was disclosed in July 2020.

The company asked users to get in contact if there is evidence they may have been impacted.
