Unrated severityCISA KEVNVD Advisory· Published Jul 24, 2020· Updated Oct 21, 2025
CVE-2020-12812
CVE-2020-12812
Description
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
Affected products
1Patches
Vulnerability mechanics
References
1- fortiguard.com/psirt/FG-IR-19-283mitrex_refsource_MISC
News mentions
1- U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026Trend Micro Research · Apr 9, 2026