CVE-2021-26091

{"id": "CVE-2021-26091", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-24T16:15:16.450", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-21-031", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-338"}]}], "descriptions": [{"lang": "en", "value": "A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials."}, {"lang": "es", "value": "El uso de una vulnerabilidad de generador de n\u00fameros pseudoaleatorios criptogr\u00e1ficamente d\u00e9bil en el autenticador del servicio de cifrado basado en identidad de FortiMail 6.4.0 a 6.4.4 y 6.2.0 a 6.2.7 puede permitir que un atacante no autenticado infiera partes de los tokens de autenticaci\u00f3n de los usuarios y restablezca sus credenciales."}], "lastModified": "2025-07-23T15:53:04.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6ECDB5E-50A7-4E63-9F38-A7C58EF06C3F", "versionEndExcluding": "6.4.5", "versionStartIncluding": "6.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}