Weak Password Requirements
CVE-2022-26117
Summary
An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-521 - Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
References
Advisory Timeline
- Published