Fortinet FortiMail Cryptographically Weak Random Number Generator Vulnerability in Identity Based Encryption Service

Vulnerability

A vulnerability has been identified in Fortinet FortiMail versions 6.4.0 to 6.4.4 and 6.2.0 to 6.2.7. This vulnerability arises from the use of a cryptographically weak pseudo-random number generator in the authenticator of the Identity Based Encryption service. It may allow an unauthenticated attacker to infer parts of users' authentication tokens and reset their credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized inference of authentication token parts, allowing for credential resets.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 5.0
exploitability: 7.6
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.