Primary

Context

Fortinet FortiTokenAndroid Improper Export of Application Components Vulnerability Allowing OTP Disclosure

Vulnerability

A vulnerability exists in Fortinet FortiTokenAndroid versions 6.2, 6.1, and 5.2, due to improper export of Android application components. This flaw may enable other applications on the device to access one-time password (OTP) codes through an exported Content Provider URI.

Impact

Exploitation of this vulnerability could lead to unauthorized access to OTP codes, allowing attackers to bypass two-factor authentication mechanisms that rely on these codes.

Remediation

Users are advised to migrate to a fixed release of Fortinet FortiTokenAndroid. Instructions for downloading the latest version can be found on the Fortinet website.

Added: May 12, 2026, 6:51 PM

Updated: May 12, 2026, 6:51 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiTokenAndroid Improper Export of Application Components Vulnerability Allowing OTP Disclosure

Vulnerability

Impact

Remediation

Affected Products

Fortinet FortiTokenAndroid

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating