Unrated severityNVD Advisory· Published Mar 24, 2025· Updated Mar 31, 2025

CVE-2021-26091

Description

A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials.

Affected products

Fortinet/Fortimailv5
cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
Range: 6.4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.com/advisory/FG-IR-21-031mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000