FortiOS 6.4.0 Improper Authentication Vulnerability
FortiOS 6.4.0 suffers from improper authentication vulnerability
The information has been provided by Vendor
The original article can be found at:https://fortiguard.com/psirt/FG-IR-19-283
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
FortiOS 6.2.0 to 6.2.3
FortiOS 6.0.9 and below