CVE-2020-12812βFortinet FortiOS SSL VPN Improper Authentication Vulnerability
PUBLISHEDvulnerability record
2021-11-03 Β· last modified June 21, 2025
Metadata
Vulnerability Name
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Description
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.
Known To Be Used in Ransomware Campaigns?
Action
Apply updates per vendor instructions.