{"api_version":"1","generated_at":"2026-05-06T22:01:07+00:00","cve":"CVE-2021-24005","urls":{"html":"https://cve.report/CVE-2021-24005","api":"https://cve.report/api/cve/CVE-2021-24005.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-24005","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-24005"},"summary":{"title":"CVE-2021-24005","description":"Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.","state":"PUBLIC","assigner":"psirt@fortinet.com","published_at":"2021-07-06 11:15:00","updated_at":"2021-07-08 17:36:00"},"problem_types":["CWE-798"],"metrics":[],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-20-049","name":"https://fortiguard.com/psirt/FG-IR-20-049","refsource":"CONFIRM","tags":[],"title":"FortiAuthenticator - Hard-coded cryptographic keys used to encrypt sensitive data | FortiGuard","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-24005","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-24005","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"24005","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortiauthenticator","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-24005","ASSIGNER":"psirt@fortinet.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Fortinet","product":{"product_data":[{"product_name":"FortiAuthenticator","version":{"version_data":[{"version_value":"FortiAuthenticator versions before 6.3.0."}]}}]}}]}},"impact":{"cvss":{"attackComplexity":"Low","attackVector":"Local","availabilityImpact":"None","baseScore":3.9,"baseSeverity":"Low","confidentialityImpact":"Low","integrityImpact":"None","privilegesRequired":"None","scope":"Unchanged","userInteraction":"None","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information disclosure"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://fortiguard.com/psirt/FG-IR-20-049","url":"https://fortiguard.com/psirt/FG-IR-20-049"}]},"description":{"description_data":[{"lang":"eng","value":"Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key."}]}},"nvd":{"publishedDate":"2021-07-06 11:15:00","lastModifiedDate":"2021-07-08 17:36:00","problem_types":["CWE-798"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.3.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"24005","Ordinal":"198764","Title":"CVE-2021-24005","CVE":"CVE-2021-24005","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"24005","Ordinal":"1","NoteData":"Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"24005","Ordinal":"2","NoteData":"2021-07-06","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"24005","Ordinal":"3","NoteData":"2021-07-06","Type":"Other","Title":"Modified"}]}}}