Ethical Hacking News
Fortinet has issued a warning about ongoing exploitation of a 5-year-old vulnerability in its FortiOS operating system that allows attackers to bypass two-factor authentication when targeting vulnerable firewalls. Despite patches released in July 2020, threat actors continue to exploit this vulnerability, and organizations must take steps to protect themselves.
Fortinet has warned its customers about a 5-year-old vulnerability in its FortiOS operating system (CVE-2020-12812) that allows attackers to bypass two-factor authentication. Despite patches released in July 2020, threat actors are still actively exploiting this vulnerability in attacks. To be vulnerable, organizations must have local user entries on the FortiGate with LDAP enabled and linked to an LDAP group. Fortinet has observed recent abuse of this vulnerability due to misconfigured secondary LDAP Groups. The FBI and CISA warned in April 2021 about state-backed hackers exploiting multiple vulnerabilities, including CVE-2020-12812. Organizations are advised to ensure their FortiOS systems are up-to-date with the latest patches and review local user entries on the FortiGate.
Fortinet has issued a warning to its customers about the ongoing exploitation of a 5-year-old vulnerability in its FortiOS operating system. The vulnerability, tracked as CVE-2020-12812, allows attackers to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls.
In July 2020, Fortinet released patches for FortiOS versions 6.4.1, 6.2.4, and 6.0.10 to address this flaw. However, despite the patches, threat actors are still actively exploiting this vulnerability in attacks. According to Fortinet, attackers are targeting firewalls that have LDAP (Lightweight Directory Access Protocol) enabled and require two-factor authentication.
To be vulnerable to these ongoing attacks, organizations must have local user entries on the FortiGate that require 2FA and are linked to LDAP. Additionally, these users must belong to an LDAP group, which must also be configured on the FortiGate.
Fortinet has observed recent abuse of this vulnerability in the wild based on specific configurations. This situation is possible due to the misconfiguration of a secondary LDAP Group that is used when the local LDAP authentication fails. If no such groups are required, they should be removed. Furthermore, if no LDAP groups are used at all, no authentication via LDAP group is possible, and users will fail authentication if the username does not match a local entry.
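The configuration conditions described above can be checked against a configuration backup. The following is an added example, not Fortinet tooling or code from the original article: it flags local users of type LDAP with two-factor enabled whose LDAP server is also a member of a user group, so those groups can be reviewed and removed if not required. The sample configuration is constructed, and the function names `parse_section` and `audit` are hypothetical.

```python
import re

# Constructed FortiOS-style excerpt for illustration; not from a real device.
SAMPLE_CONFIG = """
config user local
    edit "jsmith"
        set type ldap
        set two-factor fortitoken
        set ldap-server "corp-ldap"
    next
    edit "localadmin"
        set type password
    next
end
config user group
    edit "vpn-users"
        set member "corp-ldap"
    next
end
"""

def parse_section(config, section):
    """Map entry name -> {setting: [values]} for one top-level 'config <section>' block."""
    entries, current, depth = {}, None, 0
    for line in map(str.strip, config.splitlines()):
        if depth == 0:
            depth = 1 if line == f"config {section}" else 0
        elif line.startswith("config "):
            depth += 1                      # nested table inside an entry: skip it
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif depth == 1 and line.startswith("set ") and current is not None:
            key, *vals = re.findall(r'"[^"]*"|\S+', line[4:])
            current[key] = [v.strip('"') for v in vals]
    return entries

def audit(config):
    """List (user, groups) where a 2FA local LDAP user's server is also a group member."""
    groups = parse_section(config, "user group")
    findings = []
    for name, u in parse_section(config, "user local").items():
        if u.get("type") != ["ldap"] or u.get("two-factor", ["disable"]) == ["disable"]:
            continue                        # not a 2FA-protected LDAP-linked local user
        linked = set(u.get("ldap-server", []))
        hits = sorted(g for g, s in groups.items() if linked & set(s.get("member", [])))
        if hits:
            findings.append((name, hits))
    return findings
```

A finding means the configuration matches the conditions the article lists and should be reviewed; it says nothing about the FortiOS patch level, which has to be checked separately.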
The FBI and CISA (Cybersecurity and Infrastructure Security Agency) warned in April 2021 that state-backed hackers were attacking Fortinet FortiOS instances using exploits targeting multiple vulnerabilities, including one abusing CVE-2020-12812 to bypass 2FA. CISA subsequently added CVE-2020-12812 to its catalog of known exploited vulnerabilities in November 2021, tagging it as exploited in ransomware attacks and ordering federal agencies to secure their systems by May 2022.
Fortinet has frequently seen FortiWeb vulnerabilities exploited by threat actors, often as zero-days. In November, the company warned of an actively exploited FortiWeb zero-day (CVE-2025-58034), one week after confirming that it had silently patched a second FortiWeb zero-day (CVE-2025-64446) that was abused in widespread attacks.
To avoid falling victim to these ongoing attacks, organizations are advised to ensure their FortiOS systems are up-to-date with the latest patches and to review their local user entries on the FortiGate. Furthermore, ensuring proper configuration of LDAP groups can help prevent exploitation of this vulnerability.
Published: Mon Dec 29 05:24:38 2025 by llama3.2 3B Q4_K_M