CVE-2023-45582: Fortiguard
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts.
PSIRT Advisories
FortiMail - Login mechanism without rate limitation
Summary
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts.
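As an added defender-side illustration (not Fortinet's code), the kind of sliding-window login throttle that CWE-307 describes as missing: failed attempts are counted per (username, source IP) and the check runs before the password is verified. The credential store, the address and the fake clock are constructed for the demo.

```python
import time
from collections import deque


class LoginThrottle:
    """Sliding-window limit on failed logins keyed on (username, source IP).
    Illustrative CWE-307 control, not FortiMail's code; `now` is injectable."""

    def __init__(self, max_failures=5, window_seconds=300, now=time.monotonic):
        self.max_failures, self.window, self.now = max_failures, window_seconds, now
        self._failures = {}  # (user, ip) -> deque of failure timestamps

    def _recent(self, key):
        q, t = self._failures.setdefault(key, deque()), self.now()
        while q and t - q[0] >= self.window:  # drop failures outside the window
            q.popleft()
        return q

    def allowed(self, user, ip):
        return len(self._recent((user, ip))) < self.max_failures

    def record(self, user, ip, success):
        q = self._recent((user, ip))
        q.clear() if success else q.append(self.now())  # success resets the counter


def attempt_login(throttle, users, user, ip, password):
    """Return 'locked', 'denied' or 'ok'. The limit is checked before the
    password, so a locked key cannot probe credentials at all."""
    if not throttle.allowed(user, ip):
        return "locked"
    ok = users.get(user) == password  # constructed store; real code compares hashes
    throttle.record(user, ip, ok)
    return "ok" if ok else "denied"


def demo():
    """Constructed run: three wrong guesses, then a lockout that blocks even the
    right password until the 60 s window drains."""
    users = {"alice": "correct horse battery staple"}  # constructed credential store
    clock = {"t": 0.0}  # fake clock so the window can be advanced deterministically
    throttle = LoginThrottle(max_failures=3, window_seconds=60, now=lambda: clock["t"])
    ip, out = "203.0.113.7", []  # RFC 5737 documentation address
    for pw in ("123456", "password", "alice1", "letmein", users["alice"]):
        out.append(attempt_login(throttle, users, "alice", ip, pw))
    clock["t"] += 61
    out.append(attempt_login(throttle, users, "alice", ip, users["alice"]))
    return out  # ['denied', 'denied', 'denied', 'locked', 'locked', 'ok']
```

Keying on the source IP alone is not enough against distributed guessing; a per-username counter alongside it is the usual complement.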
| Version       | Affected            | Solution                   |
|---------------|---------------------|----------------------------|
| FortiMail 7.4 | 7.4.0               | Upgrade to 7.4.1 or above  |
| FortiMail 7.2 | 7.2.0 through 7.2.4 | Upgrade to 7.2.5 or above  |
| FortiMail 7.0 | 7.0.0 through 7.0.6 | Upgrade to 7.0.7 or above  |
| FortiMail 6.4 | 6.4.0 through 6.4.8 | Upgrade to 6.4.9 or above  |
| FortiMail 6.2 | 6.2 all versions    | Migrate to a fixed release |
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool
Timeline
2023-11-13: Initial publication